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[57] ABSTRACT 

A data communication system providing for the secure 
transfer and sharing of data via a local area network 
and/or a wide area network. The system includes a 
secure processing unit which communicates with a 
personal keying device and a crypto media controller 
attached to a user's Workstation. The communication 
between these processing elements generates a variety 
of data elements including keys, identifiers, and attri- 
butes. The data elements are used to identify and au- 
thenticate the user, assign user security access rights 
and privileges, and assign media and device attributes to 
a data access device according to a predefined security 
policy. The data elements are manipulated, combined, 
protected, and distributed through the network to the 
appropriate data access devices, which prevents the 
user from obtaining unauthorized data. 
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package that fits easily in a coat pocket. Crucial data 

DATA ENCLAVE AND TRUSTED PATH SYSTEM can be modified or destroyed, either directly or through 

the agency of technical entities such as "viruses" which 
FIELD OF THE INVENTION are introduced into the Workstations 10 and servers 
This invention relates generally to data communica- 5 through the agency of corrupted media or through the 
tion systems, and more specifically to secure data pro- wide area network connection, 
cessing on a data communication system. There are also threats to the privileged operations. 
r./w^^T.m ^~™™^. Unauthorized individuals, masquerading as someone 
BACKGROUND OF THE INVENTION eke, can causc disn^dve or^nwus directives to be 
Data Enclave 10 issued and thereby perpetrate sabotage and fraud. Mali- 
Individuals working in a departmental computing ''hackers" with access to the wide area network 
environment typically have a substantial amount of can use that network to "reach in" to the departmental 
computing power on their desks in the form of personal computing environment and masquerade as authorized 
computers and workstations. A workstation has a com- „ users or otherwise obtain access to data, which they can 
putattonal subsystem, keyboard, and display fox user then transfer worldwide, again with no sign that corn- 
interaction, and typically substantial amounts of local promise has occurred. 

data storage in the form of fixed and removable media. Accordingly, there is a need for techniques whereby 

In order for the individual in the departmental com- b departmental computing system 1 can be converted 

puting environment to interact and share data, their into a "data enclave." Within such an enclave: 

workstations are typically attached to a local area net- (1) Data can be restricted to a single organization, 

work (LAN) which permits the transfer of data files and such as a government agency or a corporation, 

electronic mail between the workstations. In addition, (2) Sharing of data between organizational elements 

"servers" may be attached to the LAN to provide spe- (directorates, departments, projects, etc.) can be con- 

cialized services, such as the management of centralized trolled. For example, it may be required that data such 

databases, which are not practical for individual work- 25 as a telephone directory be accessible by every en> 

««tions. ployee, but data such as engineering drawings should 

Departmental computing environments are typically not be allowed to circulate throughout the whole cor- 

members of a larger organization or have other reasons poration. 

to communicate with computing facilities outside them- (3) Sharing of data between individuals in organiza- 
selves. They therefore make use of a special land of tionaI elements can be controlled. For example, even 

^'J^lJFSfiQ 9 to^^J 04 ^^ though an individual is a member of the engineering 

? etW ^^ A !S- ^? ^ J?" i t f C T e ? ed department, that individual may not have a "need to 

^Ded^teraetUng") to provide world-wide data ^ for all of the drawings in the department 

transmission paths. ^ (4) Data is protected from technical attacks such as 

Departmental Computing Environment 'Viruses" and dl worms. H 

a Hmir*i rt ™ 0 ti H*^.rt««,t-i ( 5 ) Intellectual property is protected irrespective of 

A typical overall departmental computing environ- whether it b on electronic media, bang processed in a 

meat is shown in FIG. 1. In the departmental computer „, TT *. ; r^»7 vwa * J , v*7~* 111 

. v * i T, r" Workstation, or bang transferred around the local area 

environment 1, large amounts of valuable data is stored ne t W ork. IUWU 

on magnetic or other electronic Media 2, 4 for process- 40 /jriT . . , . , • . . _ 
ing in the Workstations 10 and file servers (not shown). Jf>^ST? >, "T™ 
This media offers the benefits of compact storage, easy md disruption of operations, such as would occur if 
retrieval, and in the case of removable Media 4 (e.g* * e ™ de ■» Mtwork were fbrmdoen. 
"diskettes"), convenient sharing and distribution. <*> Privileged operations are restricted to those users 
In addition, data is transmitted freely around the *5 P°f**f"?g the requisite privileges and cannot be in- 
Local Area Network 12 and occasionally through a voked, through masquerading or other technical means, 
Gateway 14 to the Wide Area Network 16 and Remote by unauthorized users. 

Sites 18. This transmission is necessary in order for the As ^ own m overview form in FIG. 3, and as will be 

organization performing departmental computing to described more fully in the Detailed Description of the 

perform its internal work and interact with the outside 50 Invention, the facilities provided by the present inven- 

world. tion convert a departmental computing environment 

There is also a requirement that certain operations, iato a "data enclave" 20 with a well-defined perimeter 

including but not limited to the transmission of data to a Sharing of data within the Enclave 20 is controlled, 

the outside world, be restricted to individuals who pos- movement of data within and outside the enclave 

sess special privileges. Examples of such operations are 35 can only be effected by authorized individuals with 

messages (electronic mail) which are directive in na- suitable privilege. There are no "sneak paths" or 

ture, such as users to transfer funds, and operations such "holes" that exist 

as the adding of new orders or the granting of limited The present invention also minimizes the damage that 

access to departmental data to users on the Wide Area can be done by privileged individuals who become 

Network 16 (remote login and file transfer). 60 subverted. Cryptographic keys are transmitted and 

A . . _ _ ^ . stored entirely in enciphered form, and well-known 

Threats Against Department Computing Environment techniques (called "antitamper" technology) can be 

The threats against the departmental computing envi- used to protect an enclave key when it is in use inside a 

ronment are shown in FIG. 2. cryptographic device. Theft of elements of the present 

The data in this environment is vulnerable to theft 63 invention does not compromise any part of the opera- 

and tampering. Removable media can be stolen, copied, tion of the invention. 

and returned with no sign that loss has occurred. The Individuals desiring access to Media 2,4 have to deal 

fruits of thousands of hours of labor can be stolen in a with a Secure Computer 24, in this case a security 
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server, only when Media 2,4 is initialized. "Unlocking" (3) Masquerade as another user. In this attack, a sub- 
a unit of Media 2,4 requires an operation no more com- verted or malicious individual gains access to a legiti- 
plicated than using a television remote control. Over- mate site, but then is able to masquerade as a different, 
head and delay is concentrated at the time a Media 2,4 and in general more privileged, human user. The major- 
is 4 *unIocked , \ and no delays or incompatibilities are 5 hy of the so-called "insider" attacks are of this form, 
introduced during operations using the Media 2 or 4. (4) Surreptitiously transform data. This is a sophisti- 

Remotely invoked privileged operations at the secu- cated and extremely dangerous form of attack in which 

rity server 24 are under the positive control of the user. some intermediate element in the path between the 

That control is cryptographically protected and mutu- human user 5 and the secure computer performs "two- 

aUy authenticated. . 10 f aced - actions. That is, the element displays one set of 

Identification and authentication of users to the secu- <hta to the human user 5 while simultaneously transmit, 

nty server 24 is both simpler and more robust than ^ something else t6 the Secure Computer 24. For 

former implementations such as passwords. The same example, malicious software in a Workstation may be 

basic steps are used for security operations dealing with programmcd to dctcct a fo nds ^fc, ordcX( Ln 

M?**:'? 1 * dcalm « purity server 24. 15 modify the amount or the recipient in ways no intend* 

In the data protection area, the system associates foP ' hv th . „^ . H 7 

Media 2 or 4 primarily with users and secondarily with r^M^Lt Tl^J^ _ trtm u- t * 
machines or Workstations 10. This is a more natural JPJ^^^^^^ T?^ ^ 
structure than one where media is only useable on a 80106 mtcrme<hate element diverts, copies, 

single machine or Workstation 10. * 20 £ ^^X^^^T^ keys totined 

Control logic computes allowed access at the last ? J"*? ^SSt^Zl^ J^"*"* 5 
possible moment using the combination of an "access ^^^^^^ t wh ° CTy T 
vector" assigned to an individual and the "device attri- devi ^" d ^h to use them to either de- 

butes" assigned to a particular Workstation 10, which fT^ P ^ orpmpm and encipher forger- 

can be used to enforce a variety of security policies. For 25 ^^i* * to the secure computer, 

example, an individual's access to data may be restricted . . Tru$ * cd Path » »ccording to the present inven- 
not only on the basis of the individual's attributes but tl0n ' B ^ for security-relevant interactions between a 
also to protected physical locations. Thus an individu- 1 l uman ™F " d a ^° UTe Computer 24. These interac- 
aTs access vector may grant "read" access to a unit of toons m m }° broad categories, as set forth 
media which contains proprietary engineering data, but 30 . (I) Wentification and Authentication. In these opera- 
the comparison against the device attributes making the tlom » ™ numan U8cr * identifying himself or herself to 
access, may restrict display of the contents of the unit of ?* c ^"f* Computer 24 for purposes of secure process- 
media to those machines inside a particular facility or There are two aspects to identification and authen- 
office. Physical security measures can then be used to tication: authenticating the identity of the human user 
restrict who may be in the vicinity when the data is 35 miA authenticating the location (eg. a Workstation 10) 
displayed. Previous implementations in this area have from which the human user is accessing the Secure 
permitted only an "all or nothing" approach to access. Computer 24. Both aspects are used by the Secure Com- 
puter 24 to determine the nature of information it will 
Trusted Path display to, or the kinds of actions it will permit to be 
The problems addressed by the Trusted Path rune- 40 initiated by, the human user. The use of both aspects 
tions arise because of the use of networks 12 and Work- enables the implementation of sophisticated security 
stations 10 to communicate between human users and policies by the Secure Computer 24. For example, an 
secure computers 24. Malicious hardware and/or soft- individual may be authorized to access engineering 
ware in the Workstation 10 or network, possibly operat- drawings, but only from terminals located inside the 
big in concert with a subverted user, has the ability to 45 engineering area; even though the individual is autho- 
perform the following hostile actions. rized for information, the policy may prohibit the indi- 

(1) Masquerade as a secure computer. In this attack, a vidual from exercising the authorization when in a resi- 
bogus secure computer (not shown) is installed on the dence or temporary lodgings. 

Network 12 and logically interposed between the legiti- (?) Trusted Command Initiation. These are opera- 
mate Secure Computer 24 and the human user. The 50 tions performed by the human user which have serious 
bogus secure computer then makes requests of the security consequences; they will, in general, involve the 
human user, displays forged or modified data, or other- exercise of some special privilege by the user. An exam- 
wise induces the user to perform some insecure act For pie of trusted command initiation is the decision to 
example, the bogus secure computer may intercept and override the security policy enforced by the secure 
discard a message giving a critical order, while all the 55 computer and release data to persons who would nor- 
time presenting displays to the human user which indi- mally be unauthorized to access it. Such a facility is 
cate that the message was sent. necessary to prevent the security policy from interfer- 

(2) Masquerade as a user site. This is the symmetric ing with proper operation in exceptional or emergency 
attack to that described in the previous paragraph. A situations. Another example is the exercise of a human 
bogus user site (not shown) is interposed between the 60 user of the privilege to send an official, cryptographi- 
legitimate human user and the Secure Computer 24. cally authenticated message which has the effect of an 
This bogus user site then accesses data, or performs order or directive. 

operations, which are in violation of the security policy. (3) Trusted Review. These are operations in which 
The location of the bogus user site enables it to intercept the human user wishes to be assure that some element of 
responses from the Secure Computer 24, so that the 65 data contained in the Secure Computer 24 is exactly as 
legitimate user is unaware that a bogus site is on the the user intended. For example, a human user may wish 
network. The bulk of the so-called "hacker" attacks to perform a trusted review of the aforementioned di- 
that appear in the popular press are of this class. rective prior to performing the trusted command which 
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adds an authenticator to the message and releases it as used to identify the corresponding media key for the 
. "signed" by that user. unit of media stored in a personal keying device, and to 

(4) Key Management. In these operations, the user is identify media attributes assigned to the unit of media, 
obtaining cryptographic keys from some central key Media attributes are associated with each unit of media 
distribution center and loading them in to local crypto- 5 to which a media UID has been assigned, and used to 
graphic devices 26 at the user's Workstation 10. represent the sensitivity or other security related iafor- 

The protocols of the Trusted Path are arranged so mation that may pertain to the data carried on that unit 
that all security alarms are raised at specified secure of media. 

computers 24, and there is no user responsibility for An access vector is associated with each media key to 
responding to an alarm. This feature is an improvement 10 form media key/access vector pairs, stored in the per- 
over traditional cryptographic checksum and other sonal keying devices, and used to represent the possible 
means which display alarms to users and require them conditions of access to' the data encrypted on themedia 
to notify the proper authorities, since it permits the for ^ ^ ^ ^ t0 Ae keyin ^ device 

present m vention to provide security for users 3 who holding the media key/access vector pair or pairs, with 
may be m physical locations where such notification is 15 ^ acccss vcctOT fonned ^ thTcorr^mimg 
notpossibJe. media attributes and user attributes, and a set of access 

3.? e .nT^ rules. The media key/ac^ss vect or p^ are rtored in 

protocols. This means that they are m£pJ^t& 

nature or topology of the network. All prior means for 20 ^^^^^^^1 ^*J™ 
achieving Trusted Path have depended somewhat on the f^ ve key ' ^attributes are assigned to each 
tnV3e or topology of th^neST m media con- 

The elements of the present invention are either free- J"*' 10 rcprCSCnt attrib *" * 

standing units, parts of an already distinguished Secure e workstations, . 
Computer 24, or devices which attach to existing inter. 25 . controller f^** 

faces to commercial Workstations 10. The only modifi- for j? 5 *"^ to data on the media 

cation required to a commercial Workstation 10 is a based on the user's PIN, the access vector and the de- 
software modification. No security reliance is placed on ^ a ^ utcs for thc workstation from which access is 
this modification, so that it can be rapidly and economi- attempted. 

cally made to the software of a wide variety of commer- 30 A ^omg to another aspect of the invention, there is 
ci*] muts. provided a Trusted Path for communication between a 

The present invention uses a small number of special workstation and a secure computer over a untrusted 
elements in a wide variety of ways. Maximum use is communication medium, the Trusted Path comprising a 
made of the cryptographic devices, which are typically lo # c control unit in the workstation and in the 
the most expensive parts of a data security device. The 35 computer, and an end-to-end authentication 

same devices are used for media protection and authen- toitcn exchange protocol used to assure the logic and 
ticated interactions with the Secure Computer 24. control unit in the workstation is communicating with 
Moreover, the elements of the invention are such that m authentic logic and control unit in the secure com- 
they can be constructed from readily available commer- puter, and vice versa. . The token exchange protocol 
cial technology. 40 operating by chaining transactions together so that a 

forged transaction entered into the interaction between 
SUMMARY OF THE INVENTION workstation and secure computer is detected the very 

The present invention provides a data enclave for next tune 8 legitimate transaction is received by a logic 
securing data carried on physical units of. fixed and ^d control unit. The system further including a crypto- 
removable media in a network including a server and 45 graphic checksum protocol used to assure transactions 
one or more workstations, with one or more of the between the logic and control units have not been tarn- 
workstations including the physical units of fixed me- pered with, the checksum protocol authenticating sin- 
dia. Protected storage is provided in the server and in gte transactions between the workstation and the secure 
each of the workstations, which also each include a computer rather than sequences of transactions. The 
crypto media controller in each workstation that can be 50 system also including an identification and authentica- 
used to read the fixed media and the removable media. tion protocol invoked when a user wishes to interact 

A personal keying device is assigned to each user in with the secure computer for some period of time, using 
the enclave, and an enclave key is held in the protected the keyboard and display of the workstation and the 
storage in the server and in each of the workstations, untrusted communications medium, the period of inter- 
and used to protect other keys stored or transmitted on 55 action being a session, and the act of initiating a session 
the network. Each user is provided a personal identifi- called logon, and that of terminating one is called log- 
canon number (PIN). A user unique identifier (user out 

UID) is assigned to each user in the enclave and is MT „ r*™^,_,~ M ^ ^ . „^ 

stored in the iter's personal keying device encrypted BRIEF DESCRIPTION OF THE DRAWINGS 
with the enclave key. User attributes are associated 60 The operational enhancements and features of the 
with each user to which a user UID has been assigned, present invention become more apparent from a consid- 
and used to represent the privileges and other security eration of the drawings and following detailed descrip- 
related information that pertains to that user. tion. 

A media key is provided for each unit of media, and FIG. 1 is a diagram illustrating a typical departmental 
used to encrypt and protect data carried on the media, 65 computing environment incorporating a local area net- 
with the media keys stored in the personal keying de> work with a wide area network, 
vices. A media unique identifier (media UID) is pro- FIG. 2 is a diagram illustrating possible threats 
vided for each unit of media, stored on the media, and against the departmental computing environment 
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FIG. 3 is an overall simplified block diagram of a FIG. 19 is a simplified block diagram illustrating the 

secure data processing system illustrating the Data En- steps for Media Key and Access Vector extraction, 

clave implementation. implemented in the Keying of Devices phase of Data 

FIG. 4 is a simplified block diagram of the main data Enclave operation, 

processing elements in the apparatus implementing the 5 FIG. 20 is a simplified block diagram illustrating the 

present invention. steps for Media Key and Access Vector use, imple- 

FIG. 5 is a simplified block diagram of the Worksta- mented in the Keying of Devices phase of Data Enclave 

tion data processing elements using a Workstation con- operation. 

figuration supporting coprocessor cryptography. F1Q. 21 is a simplified block diagram illustrating the 

FIG. 6 is a simplified block diagram of the Worksta- 10 5tcps for ^ initialization of the authentication process, 

tion data processing elements using a Workstation con- implemented in the Identification and Authentication 

figuration supporting inline cryptography. phase of Trusted Path operation. 

FIG. 6A is a pictorial diagram of a personal keying no. 22 is a simplified block diagram illustrating the 

device illustrating the appearance, features, and func step for the authentication of identity and the establish- 

""JSu „ . . ... . ment of privileges, implemented in the Identification 

FIG. 6B is a schematic diagram of the data elements Authentication phase of Trusted Path operation, 

created and utilized for the protection of data m the FIG. 23 is a simplified block diagram illustrating the 

pr SS* mventlon - .... . , . .. .„ . ^ . step for the preparation and transmission of the "Re- 

FIG. 7 b a simplified block diagram illustrating the sponse Packet", implemented in the Identification and 

steps for the extract on of user data at the Workstation, 20 Authentication phase of Trusted Path operation, 

implemented in the Media Initialization and Key Gener- FIG. 24 is a simplified block diagram illustrating the 

ation phase of Data Enclave operation. step for the completion of the authentication sequence, 

-Tfn, iZ SSS^L^ Implemented in the Identification and AuthoLtta 

step for preparation and sending of a Request Packet", pha$e 0 f Trusted Path operation, 
implemented in the Media Initialization and Key Gener- FIG. 25 is a simplified block diagram illustrating the 

aoonph^ofDataadaveoperauon. „ for ^ of , prfvuegedTperation. tople! 

«T • j uT l » steps for the detenmnauon of privileges, implemented 

tion of a Media UID, implemented in the Media Initial- r^n rr« . ^^ur^A m^u au « A , 

*-» <> f °- enclave » ^"toSS^ 

TO. li is a simplified block diagram illustrating the Wvfci- ServiceS phaSC ° f Tmtcd Path 

steps for Access Vector generation, implemented in the t?io n . ™ vr~* ui t. j- .„ . 
Media Initialization and Key Generation phase of Data n< *. 28 is a simplified block dagrarn illustrating the 
Enclave operation. ~ J* *? acknowledgment, imple- 

FIO. 12 is a simplified block diagram illustrating the mentcd m thc P™ 1 **** Services phase of Trusted Path 
steps for "Key Packet" generation and storage, imple- 

mented in the Media Initialization and Key Generation FIG. »isablcx:k aaagramof a secure daU processing 
phase of Data Enclave operation. sy $* m *Hustratnig the Trusted Path implementation. 

FIG. 13 is a simplified block diagram illustrating the 45 , * 1G - 30 J" • ^Plmed block diagram showing the 
steps for Media UID and "Key Packet" assignment, wemente of the Trusted Path when Workstation Unit 
implemented in the Media Initialization and Key Gener- 102 * u ff d f only . for authenticated communications be- 
ation phase of Data Enclave operation. twccn workstation 131 and Secure Computer 104. 

FIG. 14 is a simplified block diagram illustrating the HG * 31 is a simplified block diagram showing the 
steps for extracting identification data and forming a 50 dcments of Trustcd Pat h when Workstation Unit 
Request, implemented in the Key Assignment phase of 102 18 used for protection of critical and sensitive data at 
Data Enclave operation. Workstation 131 as well as authenticated communica- 

FIG. 13 is a simplified block diagram illustrating the between Workstation 131 and Secure Computer 

step for the encryption and transmission of a "Request 

Packet", implemented in the Key Assignment phase of 55 FIG - 32 is a simplified block diagram illustrating the 
Data Enclave operation. internal logic of Cryptographic Units 112 and 142. 

FIG. 16 is a simplified block diagram illustrating the KG. 33 is a flow diagram detailing the steps used by 
steps for the computation of an Access Vector, imple- the Authentication Token Exchange Protocol to 
mented in the Key Assignment phase of Data Enclave "chain* 1 together transactions of other protocols in 
operation. 60 Trusted Path operation. 

FIG. 17 is a simplified block diagram illustrating the PIG. 34 is a pictorial diagram displaying the locations 
steps for key generation, storage, and transmission, of the user-visible elements of theTrusted Review Pro- 
implemented in the Key Assignment phase of Data tocol used in Trusted Path operation. 
Enclave operation. ■ FIG. 35 shows an alternate embodiment of the Data 

FIG. 18 is a simplified block diagram illustrating the 65 Enclave system, 
step for the transfer of the key to the personal keying FIG. 36 shows the configuration for initializing fixed 
device, implemented in the Key Assignment phase of media according to the alternate embodiment of FIG. 
Data Enclave operation. 35. 
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FIG. 37 shows the configuration for initializing re- tor size. Personal Keying Devices 30 may also be 

movable media according to the alternate embodiment equipped with theft detection circuitry to prevent them 

of FIG. 35. from being physically removed from the enclave work- 

DETAILED DESCRIPTION OF THE ^ mgarea. 

INVENTION Crypto Media Controller 

In the following detailed description of the preferred The standard media controller on each Workstation 

embodiments, reference is made to the accompanying . 10 is replaced with a Crypto Media Controller 26. 

drawings which form a part hereof, and in which is Crypto Media Controllers 26 perform key management^ 

shown by way of illustration, specific embodiments in 10 media encryption and decryption, and authentication 

which the invention may be practiced. It is to be under- functions. A Crypto Media Controller 26 has the same 

stood that other embodiments may be utilized and struc- interfaces as the standard media controllers, as well as a 

tural changes may be made without departing from the data transfer interface that is compatible with the one 

scope of the present invention. on the Personal Keying Device 30. The Crypto Media 

The term "logic" is used throughout the ensuing 15 Controllers 26 can be the same size as the standard 

description with reference to the structure of various media controllers they replace, 
electronic components of the invention. The term is 

intended to have a broad meaning, and to encompass Data 

hardware unplemenations, software implementations, The present invention also includes a variety of data 

and combinations thereof. 20 elements, as described below and schematically repre- 

Processing Elements SC Enclave Key 

The present invention consists of processing elements There is one Enclave Key 40 per organization. It is 

and data elements. The interrelation of the processing held in protected storage in the Security Server 24 and 

elements is ihown generally in FIGS. 3 and 4 (in part 25 the Crypto Media Controllers 26, and is used to protect 

described above) and in more detail in FIGS. 5 and 6. Media Keys 42 when they are being transmitted along 

The descriptions given below show cryptographic pro- the LAN 12. 

tection provided only to those distinguished transmis- Media Key 

sions required in the operation of the invention. In such There is one Media Key 42 assigned to each physical 

a case, the elements of the invention are preferably 30 unit of the media, whether that unit is fixed 2 or remov- 

arranged with regard to the Workstation 10 as shown in able 4. Assignment is done when the media is initialized 

FIG. 5. at the Workstation 10. This key is used to protect the 

If it is desired to protect all transmissions over the data on the Media 2 or 4. 

Local Area Network 12, eg., to prevent wiretapping or Combined Keys 

other monitoring by unauthorized personnel, then the 35 Combined Keys 44 are generated in the operation of 

Crypto Media Controller 26 could be used to encipher the present invention from other data elements and 

and decipher all data going out over the Network 12. In keys. 

this case, the dements of the invention could be ar- Media Unique Identifier (Media UID) 

ranged with regard to the Workstation 10 as shown in Each physical unit of media, whether fixed 2 or re- 

FIG. 6. 40 movable 4, is assigned a Media Unique Identifier 46 

Security Server " (Media UID). This number is generated by the Security 

y Server 24, and stored in whatever field the Media 2 or 

The Security Server 24, a secure computer, is a distin- 4 software uses to identify physical units (e.g., Volume 

guished server that performs gateway and security Label). The Media UID 46 is used to find the appropri- 

functions at the interface between the Local Area Net- 45 ate Media Key 42 in the Personal Keying Device 30, 

work 12 and the Wide Area Network 16. It also per- and to locate that data pertaining to the unit of media 

forms the key management and backup functions for the which is stored in the Security Server 24 (eg., Media 

cryptography in the Enclave 20. The Security Server Attributes). 

24 can be implemented in the form of a secure computer User Unique Identifier (User UID) 
for example, as disclosed in U.S. Pat. No. 4,621,321 to 50 Each individual who has potential access to en- 
Boebert et al, entitled "Secure Data Processing System crypted media is assigned a User Unique Identifier 48 
U.S. Pat No. 4>713,753 to Boebert et al, entitled "Se- (User UID) which is stored in that user's Personal Key- 
cure Data Processing System Architecture with For- ing Device 30, encrypted with the Enclave Key 40. The 
mat Control", and U.S. Pat. No. 4,701,840 to Boebert et User UID 48 forms part of the key used to protect 
al, entitled "Secure Data Processing System Architec- 55 Media Keys 42 in the Personal Keying Device 30, and 
ture". is used to extract that data pertaining to the user 5 

Personal Keying Device ArSbuJes) " ^ * ( **' 

Each user 5 is issued a Personal Keying Device 30. Personal Identification Number (PIN) 

Personal Keying Devices 30 are used for key insertion 60 Each user 5 is assigned a Personal Identification 

and individual authentication. A Personal Keying De- Number 50 (PIN), which is used to form part of the key 

vice 30 (shown in more detail in FIG. 6a) preferably that protects Media Keys 42 in the Personal Keying 

contains fixed or removable electronic storage and pro- Device 30. 

cessor 32, a keypad 34, a display 36, and a data transfer Access Vector 

interface 38 that can be either wired or wireless (eg., 65 An Access Vector 52 is associated with each Media 

radio, infrared) and is compatible with an interface 31 Key 42 stored in a Personal Keying Device 30. The 

on a Crypto Media Controller 26. The Personal Keying Access Vector 52 is used to represent those possible 

Device 30 can be highly portable, e.g., pocket calcula- conditions of access to the data enciphered with that 
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Media Key 42 that may apply to the individual assigned indication to a user that the communication in which 
to that Personal Keying Device 30. the user is engaged, is taking place over a Trusted Path 

Media Attributes to the Security Server 24. 

Media Attributes 54 are associated with each element Countersigns 62 are arranged so that the logic in the 
of Media 2 or 4 to which a Media UID 46 has been 5 Security Server 24 can, for any given Countersign 62, 
assigned. Media Attributes 54 are used to represent the determine what the previous Countersign 62 in the 
sensitivity or other security related information that sequence was. That is, given a Countersign 62, the Se- 
may pertain to the data on that element of media. curity Server 24 can compute or retrieve a correct 

User Attributes value of the previous one, which is called the "last 

A set of "User Attributes** 56 are associated with 10 countersign" 62'. 
each user to which a User UID 4S has been assigned. „ „^ _ 

User Attributes 56 are used to represent the privileges OPERATION OF DATA ENCLAVE 20 

and other security related information which pertains to The present invention makes use of cryptography to 
that user. protect the data on Media 2 or 4 and uses an innovative 

Device Attributes 15 method to distribute and protect the cryptographic keys 

Device Attributes 58 are assigned to each Crypto in order to achieve security, flexibility, and ease of use. 
Media Controller 26, and reflects the Security Attri- The same cryptographic services are used to prevent 
butes 57 of the machine in which the Crypto Media unauthorized access through the Wide Area Network 
Controller 26 is installed. Device Attributes 58 are com- 16, or the unauthorized use of privileged services, 
bined with Access Vectors 52 to set limits on media 20 As described in more detail below, protection of the 
access (e.g., read only). Device Attributes 58 are typi- data on Media 2 or 4 takes place in three broad phases, 
caliy defined by the physical security measures which The first phase, which is done very infrequently, is 
surround the Workstation 10 in which the Crypto media initialization and key assignment to the individual 
Media Controller 26 is installed. For example, a Work- user 5 requesting the initialization. The second phase, 
station 10 installed in an open environment may have 23 which is also infrequently done, is the assignment of a 
Device Attributes 58 set to "Authorized to Process key for already-initialized Media 2 or 4 to additional 
Public Data Only", whereas one in a closed engineering individuals. The third phase, which is done more fre- 
facility may have Device Attributes 58 set to "Autho- quently, is the keying of devices, so access to the data 
rized to Process Proprietary Engineering Data." may be made. 

Requests 30 

Requests 60 are transmitted back and forth between Medm Initialization and Key Generation 

the Crypto Media Controller 26 and Security Server 24 The media initialization and key generation phase 
in the course of operations which require cooperation generates a Media Key 42 and an Access Vector 52 for 
between the two devices. Requests 60 contain a variety a unit of Media 2 or 4 and places them in enciphered 
of information depending on the nature of the operation 35 form in the Personal Keying Device 30 assigned to the 
being performed as well as optional integrity fields such individual requesting the initialization. This data is also 
as cyclic redundancy checks or check sums. archived in the Security Server 24 so that it may be 

Countersigns restored at a later time. 

The purpose of the Countersign 62 logic is to prevent 
malicious code in the Workstations 10 from masquerad- 40 Assignment 
tog « the Security Server 24, and thereby duping users The key assignment phase assigns a Media Key/Ac- 
5 into taking inappropriate actions. Each time a user 5 is cess Vector pair, or combination, for an already-initial- 
identified to the Security Server 24 (e.g., each new ized unit of media to a new individual. The Media Key 
session), the Security Server 24 generates a 'fresh" 42 will be a copy of the one generated when the unit of 
Countersign 62. Countersigns 62 are words, symbols, or 45 Media 2 or 4 was initialized. The Access Vector 52, 
phrases which are easy to remember and which are since it depends on User Attributes 56 as well as Media 
generated by some process which makes it computa- Attributes 54, will be newly computed, 
tionally infeasible to guess from one Countersign 62 

what the value of the next one will be. The Countersign Keying of Devices 

62 for a session is presented by the Security Server 24 as 50 The keying of devices phase automatically extracts 
a header to each message it sends to the user 5 when the proper Media Key/Access Vector combination 
communicating over a Trusted Path. from the Personal Keying Device 30, decrypts them 

The present invention also provides a 'Trusted and uses them to allow controlled access to the unit of 
Path." A Trusted Path is a logical communications path Media 2 or 4. The Media Key/Access Vector combina- 
between a human user 5 and the Secure Computer 24 55 tion are enciphered with a Combined Key 44 which 
(FIG. 3). A Trusted Path differs from other modes of includes the user's PIN 50. This restricts a particular 
communication in that there is a high degree of assur- Media Key./Access Vector combination to the mdivid- 
ance on the part of both parties that the communication ual to whom it was assigned, 
is authentic; that is, the human user is truly seeing what 

the secure computer intends the human user to see, and 60 Media Initialization and Key Generation 

the secure computer is making decisions on the basis of The operations in the Media Initialization and Key 
precisely what the human user has transmitted to it. Generation Phase occur when a blank unit of Media 2 
The Countersign 62 is displayed to the user 5 on the or 4 is to be prepared for safe use in the Enclave 20. This 
Personal Keying Device 30 when the Trusted Path is in preparation involves initializing the Media 2 or 4 as- 
effect, and is protected from the Workstations 10 and 65 signing a Media UID 46 to it, generating a Media Key 
the communications media by cryptography and is 42 which is unique to that unit of media, and assigning 
computationally infeasible to guess. Its presence on the a Media Key/Access Vector pair to the user 5, initial- 
display of the Personal Keying Device 30 is a positive izing the media. 
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The operations in this phase are keyed to the dia- Security Policy Logic 86 accepts the Media Attri- 
grams in FIG. 7 through FIG. 13. The logic used to butes 54 and User Attributes 56, and, using a set of rules 
implement the Trusted Path facilities is omitted from defined by the administrators of the facility, computes 
these diagrams. an Access Vector 52 which defines limits on the access 

Step 1 (FIG. 7) 5 this user 5 may have to this unit of Media 2 or 4. This 

An individual brings together a blank unit of physical computation may involve the intervention of adminis- 
Media 2 or 4 and his or her Personal Keying Device 30 trative personnel to authorize or deny the granting of 
to a Workstation 10 which is equipped with a Crypto certain privileges. 
Media Controller 26 and attached to a Local Area Net- Step 10 (FIG. 12) 

work 12. If the Media 4 is removable, this is done by 10 Key Management Crypto 70, with the optional aid of 
carrying Media 4 and Personal Keying Device 30 to an authorized individuals, then generates a Media Key 42 
appropriate Workstation 10. If Media 4 is permanently for this unit of Media 2 or 4. The manner of generation 
installed (Fixed Media 2), Personal Keying Device 30 is can involve computation, access to stored tables, re- 
brought to the Workstation containing the fixed media quests for inputs from authorized individuals, or any 
controlled by Crypto Media Controller 26, and the IS combination thereof Other methods of key generation 
Workstation 10 is temporarily attached to the Local may also be used. The Media Key 42 and Access Vector 
Area Network 12. 52 pair 91 are enciphered with a combined key 44 con- 

Step 2 (FIG. 7) sisting of the User UID 48, the user's PIN 50 and the 

The individual user 5 desiring access to Media 2 or 4 Enclave Key 40. 
then enters his or her PIN 50 into Personal Keying 20 

Device 30 which transmits it to Crypto Media Control- Stc P 11 F 10 - **) 

ler 26, where it is stored for use in later steps. The enciphered packet is sent to Storage Search 

Step 3 (FIG. 7) Logic 72 where the User UID 48 and Media UID 46 are 

Crypto Media Controller 26 then extracts the en- used to store the enciphered packet 92 in Crypto Key 
crypted User UID 48, from their Personal Keying De- 25 Data Base 84. The Media UID and the enciphered 
vice 30, decrypts the User UID 48 using the Enclave packet 92 are transmitted along the LAN 12 to Crypto 
Key 40, and stores it for use in later steps. Media Controller 26. 

Step 4 (FIG. 8) Step 12 (FIG. 13) 

Crypto Media Controller 26 forms a packet consist- The Media UID 46 arrives at Crypto Media Control- 
ing of the PIN 50, the User UID 48, and a Request 60 30 ler 26 and is written to the appropriate location on 
for media initialization. The request field will include Media 2 or 4 (e.g., Volume Label), 
the nature of the request and appropriate supporting Step 13 (FIG. 13) 

data such as the Security Attributes 57 to be assigned to The enciphered Media Key/Access Vector pair 
Media 2 or 4. Key Management Crypto 70 in Crypto packet 92 arrives at Crypto Media Controller 26 and the 
Media Controller 26 enciphers it using the Enclave Key 35 Media UID 46 is used as an index to store the enci- 
40, and transmits it across the Local Area Network 12 phered pair packet 92 in Personal Keying Device 30. 
to Security Server 24. At this point the initialization process is complete. 

Step 5 (FIG. 9) The media can be identified and the individual Personal 

Security Server 24 receives the encrypted packet 90, Keying Device 30 contains a Media Key 42 which can 
decrypts it using its copy of the Enclave Key 40, and 40 only be used by someone who has physical possession of 
stores the PIN 50, User UID 40, and Hequest 60 for use that Personal Keying Device 30, knows that individu- 
in later steps. al's PIN 50, and has the Media 2 or 4 controlled by a 

Step 6 (FIG. 10) Crypto Media Controller 26 containing the Enclave 

Storage Search Logic 72 in Security Server 24 uses Key 40. The individual's Personal Keying Device 30 
the User UID 48 to index User Attribute Data Base 80, 45 also contains an Access Vector 52 which defines further 
which returns a pass value if the PIN 50 entered by the restrictions on access in a manner that is specific to the 
user 5 in Step 1 is the same as that stored in the data individual who has physical possession of that Personal 
base, i.c, a valid PIN 50. User Attribute Data Base 80 Keying Device 30 and knows that individual's PIN 50. 

returns a fail value if the PIN 50 entered by the user is . 

invalid. A fail value will cause the initialization process 50 Kcv Assignment 

to abort and a notification to be sent back to Crypto The operations in the Key Assignment Phase of the 
Media Controller 26, which will display it to the user 5 invention occur when an already-initialized unit of 
in an appropriate fashion. The abort sequence is not Media 2 or 4 is to be shared with a user 5 other than the 
diagrammed in the figures. one who initialized it. In this case, the unit of Media 2 or 

Step 7 (FIG. 10) 55 4 has a Media Key 42 generated for it, and a Media 

Storage Search Logic 72 extracts the Media Attri- Key/Access Vector pair 91 has been assigned to the 
butes 54 from the Request and commands Media Attri- initial user of the unit Media 2 or 4. The necessary steps 
bute Data Base 82 to make an entry for the new element are to copy the Media Key/Access Vector pair 91 to 
of Media or 4. Since Media Attribute Data Base 82 is the new user 5. 

indexed by the Media UID 46, this has the effect of 60 The operations in this description are keyed to the 
creating a new Media UID 46 which is sent to Crypto diagrams in FIG. 14 through FIG. 18. The logic used to 
Media Controller 26 and saved for use in later steps. implement the Trusted Path facilities is omitted from 

Step 8 (FIG. 11) these diagrams. 

Storage Search Logic 72 uses the User UID 48 to Step 1 (FIG. 14) 
index User Attribute Data Base 80 and extract the set of 65 An individual brings together a unit of physical 
Security Attributes 57 pertaining to this user, and passes Media 2 or 4 and his or her Personal Keying Device 30 
these attributes to Security Policy Logic 86. to a Workstation 10 which is equipped with Crypto 

Step 9 (FIG. 11) Media Controller 26, and which is attached to the Local 
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Area Network 12. If Media 2 or 4 is removable, this is Step 1 1 (FIG. 17) 

done by carrying Media 4 and their Persona] Keying Logic 

Device 30 to an appropriate Workstation 10. If Media 2 The Media UID 46 is used by Storage Search 72 to 
or 4 is permanently installed (fixed media), Persona] find an enciphered key packet in Crypto Key Data Base 
Keying Device 30 is brought to the computer contain- 5 84 which has been previously stored and which con- 
ing the fued Media 2 controlled by Crypto Media Con- tains a Media Key 42 for this unit of media. Since the 
trailer 26. Media 2 or 4 has been initialized and assigned a Media 
Step 2 (FIG. 14) UID 46, then at least one such packet must exist Any 
The individual desiring access to Media 2 or 4 then such packet will suffice, since all packets pertaining to a 
enters his or her PIN 50 into Personal Keying Device 10 given unit of Media 2 or 4 will contain the same Media 
30 which transmits it to Crypto Media Controller 26, Key 42. When such a packet is found, the Media Key 42 
where it is stored for use in later steps. is extracted from it for use in later steps. 
Step 3 (FIG. 14) Step 12 (FIO. 17) 

Crypto Media Controller 26 then extracts the en* A new Key Packet 93 is formed consisting of the 
crypted User UID 48 from Personal Keying Device 30, 15 Media Key 42, Access Vector 52, User UID 48, and 

decrypts the User UID 48 using the Enclave Key 40 Media UID 46 and placed in Crypto Key Data Base 84 

and stores it for use in later steps. for archival storage and retrieval. 

Step 4 (FIG. 14) Step 13 (FIG. 17) 

Storage Search Logic 72 in Crypto Media Controller The Media Key and Access Vector pair 91 are end- 
26 then reads the Media UID 46 off Media 2 or 4 and 20 phered with a Combined Key 44 consisting of the User 

searches Personal Keying Device 30 for a Media Key- UID 48, the user's PIN 50, and the Enclave Key 40, and 

/Access Vector pair 91 for this unit of Media 2 or 4 for the enciphered packet 92 is transmitted along the LAN 

this user 5. Finding none, it generates a Request 60 for 12 to Crypto Media Controller 26. 

key assignment Step 14 (FIG. 18) 
Step 5 (FIG. 15) 23 The Media UID 46 is used as an index to store the 

Key Management Crypto 70 forms a request packet enciphered Media Key ./Access Vector pair 91 in Per- 

94 consisting of the PIN 50, User UID 48, Media UID sonal Keying Device 30. 

46 and Request 60, encrypts it with the Enclave Key 40, At this point the new individual's Personal Keying 

and transmits it over the Local Area Network 12 to Device 80 contains a Media Key 42 which can only be 
Security Server 24. 30 used by someone who has physical possession of that 

Step 6 (FIG. 16) Personal Keying Device 30, knows that individual's 

Security Server 24 receives the encrypted packet 94, PIN 50, and has the Media 2 or 4 controlled by a Crypto 

decrypts it using its copy of the Enclave Key 40, and Media Controller 26 containing the Enclave Key 40. 

stores the PIN 50, User UID 48, Media UID 46 and The individual's Personal Keying Device 30 also con^ 

Request 60 for use in later steps. 35 tains an Access Vector 52, which defines further restric- 

Step 7 (FIG. 16) tions on access in a manner that is specific to the indi- 

Storage Search Logic 72 in Security Server 24 uses vidua! who has physical possession of that Personal 

the User UID 48 to index User Attribute Data Base 80. Keying Device 30 and knows that individual's PIN 50. 

User Attribute Data Base 80 returns a pass value if the . 

PIN 50 entered by the user 5 was the same as that stored 40 Keymg of Devices 

in the data base (i.e. valid). User Attribute Data Base 80 The operations in the Keying of Devices Phase occur 

returns a fail value if the PIN 50 entered by the user is when a Media Key/Access Vector pair 91 for a unit of 

invalid. A fail value will cause the assignment process to Media 2 or 4 has been assigned to a user 5, and that user 

abort and a notification to be sent back to Crypto Media 5 wants to exercise the assigned accesses. The steps in 

Controller 26, which will display it to the user in an 45 this description are keyed to the diagrams in FIGS. 19 

appropriate fashion. The abort sequence is not dia- and 20. The logic used to implement the Trusted Path 

grammed in the figures. facilities is omitted from these diagrams. 

Step 8 (FIG. 16) Step 1 (FIG. 19) 

The User UID 48 is used as an index into User Attri- An individual user 5 establishes a data transfer inter- 
bute Data Base 80 by Storage Search Logic 72, and the 50 face between his or her Personal Keying Device 30 and 
Security Attributes 57 of the user 5 requesting key as- any Crypto Media Controller 26 containing the En- 
signment are extracted and passed to Security Policy clave Key 40, and between that Crypto Media Control- 
Logic 86. ler 26 and Media 2 or 4 the individual user 5 desires to 
Step 9 (FIG. 16) access. In the latter case, this will involve placing the 
The Media UID 46 is used as an index into Media 55 unit of Media 4 into the appropriate device (eg., dis- 
Attribute Data Base 82 by Storage Search Logic 72, and kette drive), 
the Security Attributes 57 of the denoted item of Media Step 2 (FIG. 19) 

2 or 4 are extracted and passed to the Security Policy The individual user 5 desiring access to Media 2 or 4 
Logic 86. then enters his or her PIN 50 into Personal Keying 
Step 10 (FIG. 16) 60 Device 30 which transmits it to Crypto Media Control- 
Security Policy Logic 86 accepts these Attributes 57, ler 26, where it is stored for use in later steps, 
and, using a set of rules defined by the administrators of Step 3 (FIG. 19) 

the facility, computes an Access Vector 52 which de- Storage Search Logic 72 in Crypto Media Controller 

fines limits on the access this user 5 may have to this unit 26 reads the Media 2 or 4 and extracts the Media UID 

of Media 2 or 4. This computation may involve the 65 46. 

intervention of administrative personnel to authorize Step 4 (FIG. 19) 

the granting or denying of certain privileges. This Ac- Using the Media UID 46, Storage Search Logic 72 

cess Vector 52 is saved for use in later steps. searches Storage 78 in Personal Keying Device 30 and 
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otncts the enciphered Media Key/Access Vector pair unequal then h is known that the identification and 
packet 92 and passes it to Key Management Crypto 70. authentication process has been compromised and suit- 
Step 5 (FIG. 19) able alarms are raised. 

The enciphered User UID 48, is fetched from Per- The manner in which this mechanism operates can be 

sonal Keying Device 30 and deciphered using the En- 5 made clear from example. Assume that thesequence of 

e ? y J?„ .„ Countersigns 62 is "A." **B," "C." etc. Further assume 

SfVt*" ?J?L «. -. , „ _ that s given user's Personal Keying Device 30 contains 

.kP^Y^ 4 ?' ™\ mi ****? K 2 40 the Last Countersign 62' value "A* Since it is cotnpma- 

VT A K 7 " t0 ** tionally infeasible for an attacker to guess this valued the 

crypt the Media KeyMccess Vector packet 91 The 10 attacker's recourse is to either steal thePersonal KryZ 

^* v!^« * ^? ^ " d *£? Device 30 or copy the data from it * 

am 7fFif* ^hY? Passed to Access Control Logic 76. If the attacker steals the Personal Keying Device 30. 

«7 tii r . . « • » ,i i . then its absence will be noted and alarms will be raised 

Worksution's lOmternal lope makes a request for if the attacker copies the Last C^l^igTer a^Ty 

data. That logic need not be aware the data is protected 15 »«w*— . , . . . ^ **7 , Dy 

by cryptography. The request illustrated in the figure* E!SZ^^ 8 f eB ?^ Bfte 

a "read" request, but the handling of "write" requests ^^fv. f ^? ^ "^f*"*- 

aresymmetria bon process will update the Last Countersign 62' value 

Step 8 (FIG 20) m the spinous Personal Keying Device 30 to "B." 

Enciphered daU 3, is then fetched from Media 2 or 4. 20 Sftf? IJTr? ? d 

Step 9 (FIG 20) authentication, the Last Counterside 62 m his or her 

DaU Crypto" 74 deciphers the data using the Media *T£ ^ * at ^ 

Key 42 and passes data 3 to the Access Control Logic ^^M^ by *** ScCUnty 24 8X1(1 

Step 10 (FIG. 20) 25 the copying and successful use of data from a 

Access Control Logic 76 consults the Access Vector f c f* onal Kcyin « 30 . ^ a fakc ^entity 

52 and the Device Attributes 58 contained within itself to P rcs f? t ? d *° »e Security Server 24 only until the 

and decides whether the desired mode of access time at which the legitimate user 5 attempts identifica- 

Cread." "write," etc.) shall be pennitted. If not, the tio ° md authentication. 

data transfer is aborted and an error indication is sent to 30 Tht steps involved in this phase of the operaticm are 

the Workstation 10. keyed to the diagrams given in FIG. 21 through FIG. 

At this point the data has been transferred to the The logic used in data protection is omitted from 

Workstation 10 for processing. Removal of the Media 2 t*** diagrams, 

or 4 or the Persona] Keying Device 30 from the Crypto Step 1 (FIG. 21) 

Media Controller 26 will cause the complete reset of the 35 ^ User 1310 encrypted with the Enclave Key 
Crypto Media Controller 26 and require the keying W) * extracted from the user's Personal Keying De- 
process be started from the beginning. vice 30* 

Step 2 (FIG. 21) 

Trusted Path The Last Countersign 62' (denoted "Old C/S" in 

Identification and Authorization 40 FIG. 21), encrypted with the Enclave Key 40, is ex- 

This phase of the operation involves the steps tracted from the user's Personal Keying Device 30. 

whereby a user 5 presents his or her identity to the Ste P 3 (FIG. 21) 

Security Server 24 and has that identity authenticated user 5 desiring access to operations on the Secu- 

and a set of privileges associated with the user 5 at the "ty Server 24 then enters his or her PIN 50 through the 

Security Server 24. 45 keyboard on the Personal Keying Device 30. 

This operation is protected against forged identities Step 4 (FIG. 21) 

and authentications, and so-called "replay** attacks in The User UID 48, and Last Countersign 62' are de- 

which malicious software in other Workstations 10 crypted, combined with the PIN 50, and re-encrypted 

masquerades as die authentications mechanism, accepts with the Enclave Key 40 for transmission to the Secu- 

identiflcation and authorization data (such as pass- 50 rity Server 24. 

words) from an unwitting user 5, and then passes that Step 5 (FIG. 22) 

data to an unauthorized individual. The combined Last Countersign 62', PIN 50, and 

The operation is also protected against compromise User UID 48 are decrypted using the Enclave Key 40 

of the authentication data in the Personal Keying De- and passed to the storage search logic 72. That logic 

vice 30. The invention uses the Countersign logic to 55 searches the User Attributes Data Base 80 for the au- 

effect this protection. It will be recalled that Counter- thentication record belonging to this user 5, compares 

signs 62 come in a sequence which is generated by the the User UID/PIN combination 92 that was entered 

Security Server 24, but which is computationally infea- against the stored value, and checks the Last Counter- 

sible for an outsider to guess. Thus, for each Counter- sign 62' from the Personal Keying Device 30 against the 

sign 62, the Security Server 24 (but no one else) can 60 stored value from the previous identification and au- 

determine the value of Last Countersign 62'. thentication interaction. Based on these checks the logic 

The Last Countersign 62' for a given is stored in a computes a Result 94 (e.g., "Login Successful," "Login 

distinguished location in that user's Personal Keying Failed") and in the case of successful identification, a set 

Device 30. At each identification and authentication of privileges which that user may exercise in future 

interaction the Last Countersign 62' is extracted from 65 interactions with the Security Server 24. Also in the 

the Personal Keying Device 30 and compared with the case of successful identification, the next Countersign 

Last Countersign 62' independently generated or re- 62 in the sequence is generated, stored in the User Attri- 

trieved by the Security Server 24. If the two values are bute Data Base 80 as the new Last Countersign 62, and 
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saved for use in the next step. This value is denoted proceed. The operation is terminated by a series of steps 

"New G/S" in the figures. which is symmetric to those presented above. 

Step 6 (FIG. 23) An alternate, preferred embodiment of the Trusted 

The Result 9A and the updated Countersign 62 Value Path is described further below, with reference to 

is encrypted with the Enclave Key 40 and transmitted 5 FIGS. 29-34. The Trusted Path phase of the Data En- 

to the Crypto Media Controller 26. clave process is preferably implemented using the rele- 

Step 7 (FIG. 24) vant aspects of this alternate embodiment These as- 

The combined Result and updated Countersign 62 is P*cts include Identification and Authentication, 

decrypted The updated Countersign 62 is encrypted Trusted Command Initiation (Privileged Services) and 

with the Enclave Key 40 and stored in the user s Per- 10 Key Management. 

sonal Keying Device 30 as the new value of Last Coun- advantages ovfb rarnn apt 

tersign 62'. The Countersign and result are displayed on ADVANTAGES OVER PRIOR ART 

the display portion of the Personal Keying Device 30. Thc Data Enclave System of the present invention 

At this point, the user has been authenticated to the provides a number of advantages over the prior art, as 

Security Server 24 and assigned a set of Privileges 95, 15 outlined below, 

which may be invoked at a later time. The Security Security 

Server 24 has also displayed to the user 5 the Counter- , ... 

sign 62 that it will use in the session to authenticate itsdf Thc <™a enclave invention offers comprehensive 

to the user. security to the date within the Enclave 20; there are no 

20 "sneak paths" or "holes" that exist in approaches where 

Privileged Services the date is protected on media but the Wide Area Net- 

This phase of the operation involves a user 5, whose w ?3* X f conj ? cctio1 ^ °Pf l » 01 versa, 

identity has already been presented to and authenticated . ™ invention jnmunteAe damage that can be done 

by the Security Server 24, invoking a privileged opera- „ * v P n ^S** individuals who become subverted. Cryp- 

tion by that Server 24. The user is identified to the 25 ^graptec keys are transmitted and stored entirely in 

Security Server 24 by the User UID 48. The Security ? K 'P hcrcd „ fo ™: Wdl-loiown techniques (socaUed 

Server 24 is authenticated to the user by the Counter- ******* technology) can be used to protect the 

• « Enclave Key when it is stored m the Crypto Media 

The steps involved in this phase of the operation are m ™ d ScCU f itV U ' ™ ot 

logic used in data protection is omitted from these dia- ^>^«^>^;^ ™, J* * #Ua _ " . ^ 

* r not compromise any part of the operation of the lnven- 

* rams ' tion. 
Step 1 (FIG. 25) 

The user 5 signals his or her desire to invoke a privi- 35 Low Cost 

Srf^^TK^^i^K TT* invention uses a small number of special dement, 

34 of the Person^ Keying Device 30. This «try is m , ^ variety of ways. Maximum use is made of the 

^^fJ^^ p/Sk^Y^^M 18 ^ographic devices, which are typically the most 

*f ex ^552 f ™" * e Personal Keymg Devu ^ 30 expensive parts of a date security device. The same 

Step 2 (FIG . 25) . 40 devices are used for media protection sad authenticated 

, ,™"xmbm*Uo* ° f ^ ^ ?? d *? V *r intentions with the Security Server. 
UID 48 is encrypted with the Enclave Key 40 and 

transmitted to the Security Server 24. Ease of Use 

Step 3 (FIG. 26) ^ L ,„ . , * . „ Individuals desiring access to media have to deal with 

The combination of the "ATTN" signal and the User 45 the Security Server only when media is initialized. "Un- 

m £ * "j" 3 *^ usulg * c 40 locking- a unit of media requires an operation no more 

Z^rr * ~V?/L v 0 „ complicated than using a TV remote control. Overhead 

The User UID 48 is transferred to the Storage Search ^d delay is concentrated at the time a media is "un- 

Logic 72 and the "ATTN" signal is transferred to the locked" and no delays or incompatibilities are intro- 

Privileged Operation Logic 73. 30 duced during operations using the media. 

Step 5 (FIG. 26) Identification and authentication of users to the Secu- 

The Storage Search Logic 72 then extracts the user's rity Server 24 is both simpler and more robust than 

Privileges 95 from the User Attribute Data Base 80 and prior art such as passwords. The same basic steps are 

passes them to the Privileged Operation Logic 73. used f or security operations dealing with media and 

Step 6 (FIG. 27) 55 dealing with the Security Server 24. 

The Storage Search Logic 72 extracts the Counter- Exceptional or emergency situations can be accom- 

sign 62 from the User Attribute Data Base 80 and passes modated. A trusted command initiation can override a 

it to the Key Management Crypto 70, which encrypts it security policy enforced by the Security Server 24 and 

with the Enclave Key 40 and transmits it to the Crypto release data to persons who would normally be unau- 

Media Controller 26, which initiated the request 60 thorized to access it. 
Step 7 (FIG. 28) 

The Crypto Media Controller 26 decrypts the Coun- Flexible Control of Media 

tersign 62 and causes it to be displayed on the Personal In the data protection area, the system associates 

Keying Device 30. Media 2 or 4 primarily with users and secondarily with 

At this point, both the user and the Security Server 24 65 machines. This is a more natural structure than one 

are aware, in authenticated fashion, that a privileged where Media 2 or 4 is only useable on a single machine, 

operation is to be invoked. The invocation of the opera- The access control logic, which computes allowed 

tion, which may involve multiple interactions, can then access at the last possible moment using the combina- 
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tion of an individual's Access Vector 52 and the Device 

Attributes 58 assigned to a particular Workstation, can Detailed Arrangement 

be used to enforce a variety of security policies. For Workstation Without Encryption 

example, an individual's access to data may be restricted The Trusted Path comes in two forms, Workstations 

not only on the basis of Ae mdividuaTs attributes, but * without encryption and Workstations 102 with^yp! 

ako to protected physical locations. Thus, an individu- tion. The first form of the Trusted Path is for use with 

a] Is Access Vector 52 may grant "read" access to a unit Workstations 102 that do not have a cryptographic unit, 

of media which contains proprietary engineering data, such as a Crypto Media Controller installed. In such 

but the comparison against the Device Attributes 58 of Workstations 102 the key management function is not 

the Crypto Media Controller 26 making the access may necessary. This form of the Trusted Path is illustrated in 

restrict display of the contents of the unit of media to FIG. 30. 
those machines inside a particular facility or office. 

Physical security measures can then be used to restrict Personal Unit 

who may be in the vicinity when the data is displayed. ,5 Personal Unit 101 serves three purposes: 

Prior art in this area permits only an "all or nothing" 0) It serves to identify a human user and the Work- 

approach to access. station used by that human user to Secure Computer 

Sharing and Backup of Media (2) It is used by the human user to verify that pre - 

An individual's access to an initialized media can be 20 ciscly ihosc commands given by the human user to 
restored, or a second individual granted access, by Secure Computer 104 are being executed by it, without 
bringing together the media, the requisite Personal tampering or modification by Untrusted Communica- 
Keying Device 30, and a Workstation 10 equipped with tio j? ? 5? ^ 103 * 

a Crypto Media Controller 26 that is keyed with the (3) It is used by the human user to verify that critical 
appropriate Enclave Key. 23 ««d senaUve data in Secure Computer 104 is being 

displayed to the human user by Untrusted Communica* 
Positive Control of Privileged Operations tions System 103 without tampering or modification. 

Remotely invoked privileged operations at the Secu- ™* ^ 101 bv 

rity Server 24 are under the positive control of the user 2?2l£i^ 

3. That control is cryj^graphkally protected and mu- 30 » ^^V 0 mt 111 Pereonal 

turfy authenticated. ^iv^Tt Umt 118 10 t Jf? mit «* 

receive data to and from Communication Unit 128 in 

TRUSTED PATH ALTERNATE PREFERRED Workstation Unit 102. Communications can be by 

EMBODIMENT means of fiber optics, infrared, or any other 

fce Trusted^thcanbe used independently ^of ^e Data (1) User Identifier 115is a number which is uniquely 
Enclave. Described below is a preferred embodiment of assigned to each human user. The number can bVstored 
a Trusted Path that is preferably used to implement the in its entirety in User Identifier 15, or split between that 
Trusted Path operations of the Data Enclave, but which ^ storage and a value which is entered by the human user 
has utility independent of the Data Enclave invention. upon demand, U., a so-called Personal Identification 
The Trusted Path of this embodiment can be used for Number or PIN. 

security- <> relevant interactions between a human (2) Cryptographic Key Storage 116 is used to hold 
user and secure computer, which fall into four broad the keys used by Cryptographic Unit 112 to generate 
classes: 45 keystream. These keys are selected and loaded into 

1. Identification and Authentication Cryptographic Key Storage 116, when an instance of 

2. Trusted Command Initiation (privileged services) Personal Unit 101 is assigned to a human user. 

3. Trusted Review (?) Authentication Token Storage 117 is used in the 

4. Key Management Authentication Token Exchange Protocol, which is a 

^ 50 unique feature of the Trusted Path. The working of this 

General Arrangement protocol is described later. 

A general arrangement of the Trusted Path is shown Cryptographic Unit 112 must be logically compatible 
in FIG. 29. This arrangement consists of four subsys- with Cryptographic Unit 142 in Secure Computer 104; 
terns: Personal Unit 101, Workstation Unit 102, Un- tnat^grven proper keying, h must be possible for one 
trusted Communications System 103, and part of Secure 55 ^ decipher data which has been enciphered on the 
Computer 104. Personal Unit 101 communicates di- °"^ r ' 

rectly with Workstation Unit 102. Workstation Unit 102 K Personal Unit 101 is envisioned as being implemented 
communicates with Secure Computer 104 over Un- *^ { n^^ZJT * * «* 

trusted Communications System 103. It is the elements ^ SSW^ST 1.* ? tompenng or unde- 

of Untrusted C^unications Systems 103 which are " £5* KSSrttt'S T??L* 
. . . . 4 * meniea m a manner which enables it to be readilv ear- 

the source of the vanous threats to secure operation. rfed upon the person when notTuse 

Personal Unit 101. Workstation Unit 102, Communi- Workstation Unit 
cations Subsystem 103 and Secure Computer 104 corre- Workstation Unit 102 serves two purposes- 
spend in arrangement and at least general function to 65 1. To identify a specific Workstation to Secure Com- 
the Personal Keying Device 30, Workstation 10, Net- puter 104. 

works 12 (and 16), and Security Server 24 of the Data 2. To logically connect Personal Unit 101 with Un- 
Enclave 20, respectively. trusted Communications System 103. 
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Logic and Control Unit 121 controls Communica- provided to protect Critical and Sensitive Data 144 
tions Unit 128 and accesses Workstation Identifier 125 resident on fixed and removable media from theft, tarn- 
when required. Workstation Identifier 125 is either a pering, or unauthorized access. Cryptographic Unit 122 
fixed value or is set by some mechanical means from the may or may not be physically or logically identical with 
outside of Workstation Unit 102. It is envisioned that 5 Cryptographic Units 112 and 142. The basic functions 
Workstation Unit 102. in this form, is implemented in a and operation of Workstation 102 are as described ear- 
manner which enables it to be readily attached to ester- lier. 

nal data ports of existing Workstations (e.g., RS232 data Untrusted Communications System 103 is unchanged 
port or so-called "games ports**). Workstation Unit 102 from the previous form. 

is envisioned as being implemented by means which 10 All previous functions of Secure Computer 104 are 
enable trust to be placed in it, and packaged in a manner retained and Security Kernel 143 is mhanctd to per- 
which resists tampering or undetected modification. It form the additional functions of Workstation Key Man- 
is also envisioned as being packaged in a manner which agement as described earlier, 
permits rapid and reliable determination that it is prop- General Operation of Trusted Path 
erly attached to a designated Workstation. 15 Following is a description of the operation of the 

Untrusted Communications System Trusted Path A general, overview description of the 

^ protocols is given first, followed by a detailed descrip- 

Untrusted Communications System 103 Consists of tion of the Trusted Path operation and the significance 
two logical parts: Workstation 131 and Network 132. of the protocols. 

Workstation 131 is a conventional workstation, per- 20 Any physical communications protocols which are 
sonal computer, desk-top, lap-top, or palm-top com- appropriate for the media connecting Communications 
puter with an external data port to which Workstation Units 118 and 128, Communications Unit 128 and 
Unit 102 can be attached, and software which enables Workstation 131, and Network 132 and Communica- 
data to be passed between Workstation Unit 102 and tions Unit 148 can be used in the operation of the inven- 
Network 132. 25 tion. 

Network 132 is any combination of local and/or wide Authentication Token Exchange Protocol 
area networks operating in conjunction with zero or The Authentication Token Exchange Protocol is an 
more direct connections to form a data path between end-to-end authentication protocol which is used to 
Workstation Unit 102 and Secure Computer 104. assure Logic and Control Unit 111 is interacting with an 

Secure Computer 30 Authentic Logic and Control Unit 141 and vice versa. 

Security Kernel 143 controls access to Critical and The protocol operates by "chaining" transactions to- 
Sensitive Date 144 according to a predefined security gether in such a fashion that a forged transaction that is 
policy (e.g., based on clearances and classifications or entered into the interaction, will be detected the very 
notions of intellectual property or privacy). Logic and next time a legitimate transaction is received by Logic 
Control Unit 141 is a distinguished subsystem of Secure 33 and Control Unit 141. The Authentication Token Ex- 
Computer 104 which controls the interaction between change Protocol is described in detail later. 
Security Kernel 143 and Communication Unit 148. Cryptographic Checksum Protocol 
Such subsystems are sometimes called "terminal driv- The Cryptographic Checksum Protocol is an addi- 
ers" "device controllers**, or "front-end processors". tional protocol which is used to assure transactions 

Logic and Control Unit 141 is enhanced with Crypto- 40 between Logic and Control Units have not been tarn- 
graphic Unit 142 and the Authentication Token Ex- pered with. The Cryptographic Checksum Protocol 
change Protocol which is described later. Crypto- differs from the Authentication Token Exchange Proto- 
graphic Key Storage 146 is used to hold the crypto- col in that it authenticates single transactions rather 
graphic keys required for the operation of Crypto- than sequences of transactions. Any cryptographic 
graphic Unit 142. Cryptographic Unit 142 must be logi- 45 checksum or digital signature algorithm which meets 
cally compatible with Cryptographic Unit 112 in Per- reasonable standards of cryptographic strength can be 
sonal Unit 101; that is, given proper keying, it must be used in the present invention, 
possible to decipher data which has been enciphered on Identification and Authentication Protocol 
the other. Identification and Authentication Protocol invoked 

Security Kernel 143 is enhanced to perform the tunc- 50 when a user wishes to interact with Secure Computer 
tions of Identification and Authentication, Trusted 104 for some period of time, using the keyboard and 
Command Initiation, and Trusted Review. display of Workstation 131 and the communications 

Workstations with Encryption facilities of Network 132. The period of interaction is 

The second form of the Trusted Path is for use in commonly called a session, the act of initiating a session 
Workstations 102, which have a cryptographic unit 35 is commonly called logon, and that of terminating one is 
installed, and where the Trusted Path facilities are used commonly called logout. In addition, the Identification 
to authenticate the movement of cryptographic keys and Authentication Protocol may be restarted by Se- 
from the Secure Computer 104 to the Workstation Unit cure Computer 104 when the user requests some critical 
102. All operations supported in the previously de- operation be performed. 

scribed form are supported as well. This form of the 60 The general operation of the Identification and Au- 
Trusted Path is illustrated in FIG. 31. thentication Protocol, given with general reference to 

The only difference in Personal Unit 101 in this form FIGS. 30-33, is as follows: 
of the Trusted Path, is that Cryptographic Key Storage Step 1 

116 is expanded to hold cryptographic keys which are The user establishes a physical communications link 
destined for Cryptographic Unit 122 in Workstation 65 between Personal Unit 101 and Workstation Unit 102. If 
Unit 112. the communications media is wired, this will involve 

All of the previous functions of Workstation Unit 102 connecting the two units. If it is wireless, it will involve 
are supported. In addition, Cryptographic Unit 122 is placing the units in proper physical proximity. 
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Step 2 change Protocol. The Trusted Command Protocol is 

The user presses an attention key on Persona] Unit described in detail later. 

101 and optionally enters a Personal Identification Trusted Review Protocol 

Number. Personal Unit 101 obtains Workstation Identi- The Trusted Review Protocol is used when a user 

fier 125 from Workstation Unit 102, constructs an Iden- 5 wishes to be assured that an element of critical and 

tification and Authentication Transaction, and causes it sensitive data displayed on Workstation 131 is an accu- 

to be transmitted to Secure Computer 104. rate and proper representation of the critical and sensi- 

Step 3 tive data as stored in Secure Computer 104. The general 

Secure Computer 104 verifies that this is an authentic operation of the Trusted Review Protocol, given with 

Identification and Authentication Transaction and be- 10 general reference to FIGS. 30-33, is as follows: 

gins a new session or other interaction with the user. Step 1 

Step 4 The user causes the relevant element of critical and 

Secure Computer 104 constructs an Acknowledge sensitive data to be transmitted from Secure Computer 

mem Transaction and causes it to be sent to Personal displayed on Workstation 131. 

Unit 101. 15 Step 2 

Step 5 By means of software in Workstation 131, the user 

Personal Unit 101 verifies that this is an authentic sclects portion of critical and sensitive data whose 

Acknowledgment Transaction and displays this fact to representation is to be verified* 

the user. Step 3 

Individual transactions in the Identification and Au- 20 Software in Workstation 131 transmits the boundaries 

thentication Protocol are authenticated by the Crypto- Portion to Secure Computer 104. 

graphic Checksum Protocol The fact that a given Iden- f tcp _ 4n . 

tification and Authentication transaction is occurring in . 5c S ure ^ m P utcr 104 "tracts the critical and sensi- 

the proper context is authenticated by the Authentic- „ data which resides within the selected boundaries, 

tion Token Exchange Protocol. The Identification and 25 p]z ? cs rt m °° e °l morc T ! w ^ 6 R eview Transactions, 

Authentication Protocol is described in detail later. ^causes it to be transmitted to Personal Unit 101. 

Trusted Command Protocol ~ tcp 5 . TT . <A , , c L , 

The Trusted Command Protocol is invoked when a J5^J^ T 101 ** "thenticity of the 

user wishes to exercise some privilege or cause Secure ^ JXS^^J^T^ ^ S f l *? cd 

Computer 104 to perform some security-relevant opera- 30 PO^on of critical and sensitive data on its own display, 

tion. The general operation of the Trusted Command *. . ^ . 

i station 131 and acknowledges this fact using the key- 

SfP 1 ^ . . ^ ^ . 35 board of Personal Unit 101. 

The user, operating in conjunction with software m Step 7 

Workstation 131, selects the desired coinmand from a Personal Unit 101 sends an Acknowledgment Trans- 
menu of potable commands Sdection can be by means ^ Qn to Computer 104. ^ 

3!nSS^ P " t «™*- in the Trusted Review Protc- 

of the normal operation of Workstation 131. 40 col are authenticated by the Cryptographic Checksum 

Th? L>um«> ir, WnrV«t«ti™ 1*1' t«mcmit* ih. ^ Protocol The fact that a given Trusted Review Trans- 
it ^^it im * occurrin * m the * authenti- 
lected command to Personal Unit 101. cated by the Authentication Token Exchange Protocol. 

Z tcp 1 « -ini ju 1 .u 1 . j ~ J The Trusted Review Protocol is described in detail 
Personal Unit 101 displays the selected Coinmand to 45 ia ter , 

theuser. Workstation Key Management Protocol 

-r a . a ^ 1 J . . The Workstation Key Management Protocol is a 
The user verifies that Uie displayed command is that form of the Trusted Command ftotocol and is used in 
I?5 1^!^, 50 ° n 1116 key " 11,6 'onn of the present invention where the critical and 
board of Personal Unit 101. 50 sensitive data stored on the individual Workstations is 
* tcp 3 t WT . . M „ to be protected by cryptography, as for example, in the 
Persona] Unit 101 constructs a Trusted Command Data Enclave System 20 described above, lie Work- 
Transaction and causes it to be transmitted to Secure station Key Management Protocol is used to provide 
Computer 104. authenticated distribution of cryptographic keys from 
5^ ~ 35 Secure Computer 104 to individual Workstation Units 
Secure Computer 104 verifies that this is an authentic 102. The general operation of the protocol, given with 
Trusted Coinmand Transaction, executes the appropri- gcncra i reference to FIGS. 30-33, is as follows: 
ate command, constructs an Acknowledgment Transac- Step 1 

tion and displays this fact to the user. The user approaches the selected Workstation and 

Stc P 7 „ 60 initiates the Identification and Authentication Protocol. 

Personal Unit 101 verifies that this is an authentic Step 2 

Acknowledgment Transaction and displays this fact to Workstation Unit 102 identifies the unit of media for 

the user. which a cryptographic key is required and transmits 

Individual transactions in the Trusted Command this identification to Personal Unit 101. The identifica- 

Protocol are authenticated by the Cryptographic 65 tion is based on the 'Volume identifier or other unique 

Checksum Protocol. The fact that a given Trusted designator which is carried on the media. If the media 

Command Transaction is occurring in the proper con- has not been initialized, this information is transmitted 

text is authenticated by the Authentication Token Ex- to Personal Unit 101. 
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Step 3 A low-level synchronization protocol is required to 

Personal Unit 101 constructs a Key Request Transac- handle cases when transmission errors or other difficul- 

tion and causes it to be transmitted through Worksta- ties cause the keystreams to lose synchronization. Such 

tion Unit 102 and Subsystem 103 to Secure Computer protocols make use of well-known techniques and are 

5 not described here. 

Stc P 4 Encryption is effected by combining the keystream 

Secure Computer 104 verifies that this is an authentic with the data in Combinin g/Decombining Units 203 

Key Request Transaction, selects the appropriate key and 223. These units may use methods such as "exclu- 

from a database kept as critical and sensitive data, or ^ yt 0 R - module addition, or other well-known tech- 

creates i inew key in the case or immitialized media, and 10 ^ qutSi Decryption is effected by performing the in- 

causes the key to be transmitted to Personal Unit 101. verse operation using identical keystream values. It is 

? i it *« , A « « ^ * * • required for operation of the present invention that not 

Personal Unit 101 verifies that fhu i» an authentic only are the keystreams in Cryptographic Units 112 and 

key, tnmsmrts it to the proper Workstation Unit 102, U2 idcnticaJ Md ^ ^ 

SieStL^r^ COmplCtl0n ° f kCymg 15 u«d for combining keystream with data be identidj. 

Cryptographic keys are protected during transmis- Authentication Token Sequence 

sion by bemg encipheredin a Key ^ryption Key, for ^ Authentication Tokcn s^ ucncc b ^ uced 
example (Enclave Key 40), which is loaded into each i^m* c^„^ /-w™*^ iVu v a a ^ ^ ^ , 
Workstation Unit 102 when they are installed Individ- 20 g"" ^i^c^J ^^^J^JL 0 ^ 
ual transactions in the Workstation Key Management rT^J lJ^t I V*' ^ thcnts « t,on 

Protocol are authenticated by the Cryptographic Tokens ^ gf^^.Jf *>™ fashion that makes tt 
Checksum Protocol. The fit that a given^ rS' S ^ * ^ t V^J*"? 
ment Transaction is occurring in the proper contex? is ncxt f ° kcn . m ^^S" shouW * " ****** the 

authenticated by the Authentication Token Exchange 25 ^ U "[ tPT ^ ^^"ff the Authentica- 
Protocol tion Token Exchange Protocol is such that no synchro- 

Thus, the Kify Generation and Assignment protocols of t ! !e s ^? u 1 cncc ^ with ^ othcr ** "quired, 

described with respect to Data Enclave 20 operate Authentication Token Generator 147 also maintains a 

substantially the same as the Key Management Protocol history flIc of Authentication Tokens for some preset 

with the exception that, in the Key Management Proto 30 mtcrvftJ . ™ s M« <>ry is used to differentiate masquerade 

col, all interactions between the secure computer and ^tempts from alarms caused by faulty transmission or 

the Workstation are validated by the Authentication equipment failures. There is one Authentication Token 

Token Exchange Protocol and users are identified using Sequence for each user or other distinguished operating 

the Identification and Authentication Protocol entity. 

DETAILED OPERATION OF TRUSTED PATH 35 Authentication Token Exchange Protocol 

Those operations which are individually unique to The steps used by the Authentication Token Ex- 
the present invention are described in detail. These are change Protocol to "chain" together transactions of 
the Authentication Token Exchange Protocol the other protocols are shown in FIG. 33. The steps de- 
Identification and Authentication Protocol the Trusted 40 scribed below are keyed to that figure. Note that this 
Command Protocol, the Trusted Review Protocol, and protocol is for the generation and validation of tokens 
the Workstation Key Management Protocol. which appear as data fields in the transactions of other 
. , protocols. The description of each step that follows is 
Authentication Token Exchange Protocol also referenced to FIGS. 30-32. 

The Authentication Token Exchange Protocol makes 43 Step 1 
use of two pseudo-random sequences of numbers: a The initial state of a protocol cycle is one in which 
Synchronized Keystream and an Authentication Token Personal Unit 101 contains a value from some previous 
Sequence. transaction and Secure Computer 104 is preparing to 

_ , .... initiate a new transaction. The Authentication Token 

Synchronized Keystreams ^ Sequence has just generated Token Number m, and the 

Synchronized Keystreams are produced by Crypto- Synchronized Keystream Sequences have just pro- 
graphic Units 112 and 142. The logic of these units is duced Keystream Element n. In such a case, the Au- 
shown in FIG. 32. The actual keystreams are produced thentication Token Storage 117 will contain a value 
by algorithms in Keystream Generators 201 and 221. which is the result of enciphering Token m with Keys- 
The sequence of numbers (called "Keystream Ele- 55 tream Element n. Keystream Generators 201 and 221 
ments") in the keystream is a function of the crypto- will be ready to generate Keystream Element n+ 1, and 
graphic key kept in Cryptographic Key Buffers 202 and Authentication Token Generator 147 will be ready to 
222. The manner in which the keystream is generated generate Token m+1. 
may differ between the two units, but the resulting Step 2 

keystreams must be identical for the protocol to oper- 60 A single cycle of the Authentication Token Ex- 
ate. In particular, a large, precomputed keystream se- change Protocol is initiated when some transaction is to 
quence may be stored in Cryptographic Key Buffer 202 be sent from Secure Computer 104 to Personal Unit 101. 
or 222 and simply copied by the respective Keystream In this case, Logic and Control Unit 141 commands 
Generator Ml or 221. (This technique is sometimes Authentication Token Generator 147 to generate a 
called a "one-time pad/') Alternatively, a much shorter 65 token (in this case m+ 1) and commands Cryptographic 
cryptographic key may be used to "seed" the mecha- Unit 142 to encipher it (in this case, with Keystream 
nism in Keystream Generator 201 or 221, and the keys- Element n + 1). The enciphered token is then transmit, 
tream produced in small quantities as required. ted to Personal Unit 101 as a data field in a transaction 
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record. Arrival of the transaction causes Personal Unit (3) User Identifier 115, enciphered with a keystream 
101 to perform the next step in the cycle. which is reserved for this purpose. 
Step 3 (4) A value provided by the Cryptographic Check- 
Logic and Control Unit 111 causes the value stored in sum Protocol which serves to validate the value and 
Authentication Token Storage 117 to be deciphered by 5 association of the above elements. 
Cryptographic Unit 112 using Keystream Element n; Authentication Demand Transaction 
this yields the true value of Token m Logic and Con- Upon receipt of the Initiation Transaction, or upon 
trol Unit 111 then immediately commands Crypto- demand by Security Kernel 143 for user authentication, 
graphic Unit 112 to re-encipher Token m using Keys- Logic and Control Unit 141 constructs an Authennca- 
tream Element n+2. The enciphered value is then re- 10 don Demand Transaction and transmits it to Logic and 
turned to Secure Computer 104 in whatever transaction Control Unit 111. This transaction consists of the fol- 
is used to "echo" or acknowledge the transaction sent lowing elements: 

from Secure Computer 104 to Personal Unit 101 in Step (1) A distinguished value identifying this as an Au- 

2. thentication Demand Transaction. 

Step 4 15 (2) An enciphered Authentication Token as described 

Logic and Control Unit 141 then causes the incoming in Step 2 of the Authentication Token Exchange Proto- 

enciphered value to be deciphered by Cryptographic col. If this transaction is in response to an Initiation 

Unit 142 using Keystream Element n+2. This yields the Transaction, the User Identifier 115 in that transaction 

value of the putative Token m which has cycled from will be deciphered and used to select the proper se- 

Secure Computer 104 to Personal Unit 101 and back 20 quence of Authentication Tokens. If this transaction is 



in response to a demand from Security Kernel 143, the 
5 user identifier (and therefore the denotation of the 
The putative Token m value is then compared by proper Token Sequence) will be included in the de- 
Logic and Control Unit 141 with the value that has been xnand. 

retained by Authentication Token Generator 147. If the 3. A value from the Cryptographic Checksum Proto- 

values are the same, the Logic and Control Unit 141 is col which serves to authenticate the value and associa- 

assured that the incoming transaction was properly tion of the above elements, 

"chained** to an outgoing one and is not erroneous or Authentication Response Transaction 

forged. If the values are not the same, Logic and Con- ^ Upon receipt of this transaction, Logic and Control 

trol Unit 141 invokes the low-level synchronization Unit 111 notifies the user by means of Display 113. If 

protocol to cause retransmit of the records. If some required, user enters a Personal Identification Number 

preset number of transmissions fails to yield an authenti- or other value or measurement which serves to identify 

cated "chaining" then the Logic and Control Unit 141 the user. Logic and Control Unit 111 communicates 

raises an alarm. 3S with Logic and Control Unit 121 and obtains from it 

Step 6 Workstation Identifier 125. Logic and Control Unit 111 

Simultaneously with Step 5, Logic and Control Unit then constructs and sends to Logic and Control Unit 

111 in Personal Unit 101 updates Authentication Token 141 an Authentication Response Transaction which 

Storage 117 with the new value, which is Token m+1 consists of the following elements: 

enciphered with Keystream Element n+1. At this point 40 (1) A distinguished value identifying this as an Au- 

the protocol cycle has completed and the protocol is thentication Response Transaction, 

back in its initial state awaiting the start of a new cycle. (2) The Workstation Identifier 125, enciphered with a 

The low-level synchronization protocol may require keystream reserved for this purpose, 

that Authentication Token Storage Unit 147 keep a (3) The User Identifier 115, optionally supplemented 

"window" of old values, so that a period of time exists 43 with Personal Identification Number or other personal 

in which a previous value can be retransmitted to Se- data, and enciphered with a keystream reserved for this 

cure Computer 104 in cases where the comparison de* purpose. 

scribed in Step 5 fails. (4) An enciphered return Authentication Token as 

Identification and Authentication Protocol ^ fa Ste P 3 * Authentication Token Exchange 

The Identification and Authentication Protocol oper- (5) A value from the Cryptographic Checksum Pro- 
ation is identical for both forms of the present invention. tocol which serves to authenticate the value and associ- 
The description that follows is referenced to FIG. 30 ation of the above elements. 

and 31. Upon receipt of this transaction, Logic and Control 

Initiation of Protocol 53 Unit 141 deciphers Workstation Identifier 125 and User 

The protocol is initiated when a user first establishes Identifier 115, performs the operations described in 
a communications link between Personal Unit 101 and Steps 4 and 5 of the Authentication Token Exchange 
Workstation Unit 102, when a user initiates an "atten- Protocol, and if validated, notifies Security Kernel 143 
tion" signal by pressing a key on Keyboard 114, or that the denoted user interacting from the denoted 
when a demand for user authentication is made by Se- 60 Workstation has been authenticated. If not validated, 
cure Computer 104. Logic and Control Unit 141 notifies Security Kernel 

If the protocol was initiated from Personal Unit 101, 143 that an invalid logon attempt has occurred and 
an Initiation Transaction is constructed by Logic and appropriate response should be made. 
Control Unit 111 consisting of the following elements: Acknowledgment Transaction 

(1) A distinguished value identifying this as an lnitia* 65 If the validation succeeds, Logic and Control Unit 
tion Transaction. 141 constructs and sends to Logic and Control Unit 111 

(2) A value which will enable Logic and Control Unit an Acknowledgment Transaction which consists of the 
141 to reply to the transaction (e.g., a network address). following elements: 
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(1) A distinguished value identifying this as an Ac- (4) A value from the Cryptographic Checksum Pro- 
knowledgment Transaction. - tocol which serves to authenticate the value and associ- 

(2) The Workstation Identifier 125 and User Identi- ation of the above elements. 

fier 115, enciphered with the next element of the keys- Immediately subsequent to the sending of this trans- 
tream reserved for this purpose. 5 action, Logic and Control Unit 111 performs Step 6 of 

(3) A value from the Cryptographic Checksum Pro- Ac Authentication Token Exchange Protocol. 

tocol which serves to authenticate the value and associ- u P° n receipt of the User Response Transaction, 

ation of the above elements. and Control Unit 141 deciphers the con. 

Validation of Response firm/deny indicator and performs Steps 4 and 5 of the 

Upon receipt of this transaction, Logic and Control 10 Authentication Token Exchange protocol. Logic and 

Unit 111 performs Step 6 of the Authentication Token 9° ntro1 *** the confirm/deny indicator to 

Exchange Protocol, notifies the user by means of Dis- Security Kernel 143. ^confirm, the i command is exe- 

play 113 that the identification and authentication pro- <r utcd and Control Unit 141 is so notified. If 

cess is complete, and sends a transaction to Workstation deny. Security Kernel 143 takes appropriate action such 

131 through Conmiunications Units 118 and 128 that 15 ^^owleSent Transaction 

causes cornmumcafcons between Workstation 131 and If thc mwkS U>gic and Control Unit 

Secure Computer 104 to be initiated in the case of lo- t aV^«ct™H^ Z^i** r^f^T^i^ ySLyIv 

gon, or to be continued in the case of an identification A il ut ^ ^l 1 ? 1 

5 ' u yz p * \ • wiucnuuwiuuii an Acknowledgment Transaction which consists of the 
demand from Secure Computer 104 in the middle of a ^ following dements: 

SCSSIon * (1) A distinguished value identifying this as an Ac- 
Trusted Command Protocol knowledgment Transaction. 

, _ . _ _ . . . (2) An enciphered Authentication Token as described 

The Trusted Command Protocol operation is identi- m Step 2 of the Authentication Token Exchange Proto- 

cal for both forms of the present invention. The descnp- 25 col. 

tion that follows is referenced to FIGS. 30 and 31. (3) A va lue from thc Cryptographic Checksum Pro- 

The protocol is initiated when a user selects a privi- tocol which serves to authenticate the value and associ- 

leged command when interacting with Workstation ation of the above element. 

131. The privileged nature of the command is recog- Notification Complete Transaction 

nized by Security Kernel 143 and it notifies Logic and 30 Upon receipt of this transaction, Logic and Control 

Control Unit 141 to start the protocol for the selected Unit 111 displays the acknowledgment on Display 113. 

privileged command. Logic and Control Unit 111 then constructs and sends 

User Confirmation Demand Transaction to Logic and Control Unit 141, a Notification Complete 

Logic and Control Unit 141 constructs and sends to Transaction which consist of the following elements: 

Logic and Control Unit 111 a User Confirmation De- 35 (1) A distinguished value identifying this as a Notifi- 

mand Transaction which consists of the following ele- cation Complete Transaction, 

ments: (2) An enciphered return Authentication Token as 

(1) A distinguished valve identifying this as a User described in Step 3 of Authentication Token Exchange 
Confirmation Demand Transaction. Protocol. 

(2) An enciphered Authentication Token as described 40 0) A value from the Cryptographic Checksum Pro- 
in Step 2 of the Authentication Token Exchange Proto- toc °l which serves to authenticate the value and associ- 
col. ation of the above elements. 

(3) A description or denotation of the privileged com- Immediately subsequent to the sending of this trans- 
mand and the relevant parameters formatted, so it may action, Logic and Control Unit 111 performs Step 6 of 
be displayed on Display 113 of Personal Unit 101. 43 Authentication Token Exchange Protocol. 

(4) A value from the Cryptographic Checksum Pro- V**? rcc * pt of l his transaction, Logic and Control 
tocol which serves to authenticate the value and associ- Unit 1A ± penorms Steps 4 and 5 of the Authentication 
ation of the above elements. T° k ?? Exch^ge Protocol and communicates to Secu- 

User Response Transaction nt * Kcrncl "3 that the user has been notified. 

Upon receipt of this transaction, Logic and Control Trusted Review Protocol 

Unit 111 displays the description or denotation of the . ~ • , D . . . . , 

privileged command on Display 113. The user visually f J£l£^ IZZll?! 0001 T ? 

checks that the description as displayed is of the com- f? r forms of * c P'ff" ^description 

««JtJk^Ii!^ i^J^A^ I^tZ^ ™* foUows * referenced to FIGS. 30 and 31. 

mand whose selection initiated the protocol* and noti- » 1* «j ... t 

fi^ Logic and Control Unit 11! through Key^ lH 35 t^SE <^^^ 
whether the selection of the command is confirmed or curity Kernel 143 recognizes this command and dis- 
denied Upon receipt of this notification, Logic and plays> to ^ ratrjctions of ^ 

Control Umt 111 constructs a User Response Transac- window of information on its screen using the inven- 
tion which consists of the following elements: 60 tions of graphical or other user mterfacet Within this 

(1) A distinguished value identifying this as a User window, Security Kernel 143 also displays a review 
Response Transaction. subwindow whose dimensions are such that all the data 

(2) An indication of whether the command selection displayed on it can be identically displayed on Display 
is confirmed or denied, enciphered using a keystream 113 of Personal Unit 101. The position of the review 
reserved for this purpose. 65 subwindow can be moved within the main window 

(3) An enciphered return Authentication Token as using the keyboard, mouse, or other input device of 
described in Step 3 of Authentication Token Exchange Workstation 131. This arrangement is shown in FIG. 
Protocol. 34. 
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User Review D«n»nd Transaction J^tZ^l^^ ^^^^ ^ 

tocol which serves to authenticate the value and associ- 

When the user, is satisfied that the review subwindow ation of the above elements. 

134' is positioned over the portion of critical and sensi- Notification Complete Transaction 

tive data to be reviewed, he or she notifies Security 5 Upon receipt of this transaction, Logic and Control 

Kernel 143 by means of the keyboard or other input Unit 111 displays the acknowledgment on Display 113. 

device on Workstation 131. Security Kernel 143 copies Logic and Control Unit 111 then constructs a Notifica- 

the portion of critical and sensitive data to be reviewed tion Complete Transaction which consists of the fol- 

from Critical and Sensitive Data 144 and sends it to lowing elements: 

Logic and Control Unit 141. Logic and Control Unit 10 0) A distinguished value identifying this as a Notifi- 

141 then constructs and sends to Logic and Control cation Complete Transaction. 

Unit 111 a User Review Demand Transaction which 0) An enciphered return Authentication Token as 

consists of the following elements: described in Step 3 of Authentication Token Exchange 

(1) A distinguished value identifying this as a User Protocol. 

Review Demand Transaction. 13 ( 3 ) A value from the Cryptographic Checksum Pro- 

(2) An enciphered Authentication Token as described 10061 which to authenticate the value and associ- 
in Step 2 of the Authentication Token Exchange Proto- ation of the dements. 

col. Immediately subsequent to the sending of this trans- 

(3) The portion of critical and sensitive data format* action, Logic and Control Unit 111 performs Step 6 of 
ted, so it may be displayed on Display 113 of Personal 20 Authentication Token Exchange Protocol 

Unit 101. Upon receipt of this transaction, Logic and Control 

(4) A value from the Cryptographic Checksum Pro- Unit 141 V^onns Steps 4 and 5 of the Authentication 
tocol which serves to authenticate the value and associ- T ok ™ ^flange Protocol and communicates to Secu- 
ation of the above elements. ntv Kemd 143 that the user has been notified. 

User Response Transaction 25 Advantages of Trusted Path 

Upon receipt of this transaction, Logic and Control - . _ A . 

Unit 111 displays the portion of critical and sensitive !^ tn *f d ^"*on of Security Alarms 

data on Display 113. The user visually checks that the „ p j^ to ^ ols of m \ cntloI i arc so that 

portion as displayed, is identical to that shown on the „ ^hT^c^^I!!!^^^ QoB p ta 104 

review subwindow, and notifies Logic and Control 30 J^J^L" p™**™*®* responding to an 

Unit 111 through Keyboard 114 whether the review is ^Z^J^T v *° bnpx J }V ^ xenX over traAtional 

confirmed or denied Upon receipt of this notification, SJTSE^^S^" - °^ mcans whi jl h d f 

Logic and Control Unit 111 constructs a User Respond l^J^UZiTZ ^ t^*™ ^ * °°^ y 

Transaction which consists of the following elements: 35 £3/^^ 

^J^l^ as a User 35 iSSfi 

(2) ^mdicationof whether the review is confirmed ff^m^ker obtains an actual Personal Unit 101 or 
or denied, enciphered using a keystream reserved for its logica] equivalent, and obtains through analysis or 

rJ^A^ninh^ ,^ A,,*™*,..*** tva.« M 40 8ubvcrsion of personnel the keystream used in the Au- 
A ^Mx^m ^then^icanon Token as thentication Token Exchange Protocol, the protocol 

tacribed m Step 3 of Authentication Token Exchange ^ows him a ' Vindow ofc^rtunity" for masquende 

rj^Ti^ th+ r^t^^ r*~v^ iw which » terminated the very next time the legitimate 
(4 A value from the Crypto^aphic Checksum Pro- ^ ^ Personal Unit 101 interacts with Secure Com- 
tocol which serves to authenticate the value and associ- 4 5 puter 104. This is because each interaction moves the 
anon of the above elements sequence of Authentication Tokens inside Secure Com- 

Immediately subsequent to the sending of this trans- putcr 104, and this movement cannot be influenced 
action I^c and Control Unit 111 performs Step 6 of from the outside. (If Secure Computer 104 is compro- 
the Authentication Token 1 Exchange Protocol. mised, then all data is lost, anyway). The motion 

Upon receipt of the User Response Transaction, 50 performed by the masquerading attacker wiU cause a 
Iog,c and Control Unit 141 deciphers the con- mismatch in the return Token when the legitimate user 
firm/deny indicator and performs Steps 4 and 5 of the attempts an interaction, and this mismatch win be de- 
Authentication Token Exchange Protocol. Logic and tected at Secure Computer 104 
Control Unit 141 passes the confirm/deny indicator to This robustness enables the user of weaker crypto- 
Security Kernel 143. If confirm, processing proceeds 35 graphic algorithms or keys in environments where it is 
and Logic and Control Unit 141 is so notified. If deny, not safe or desirable to transport or use high-grade 
Security Kernel 143 takes appropriate action such as cryptography, 
retry or alarm. Positive Detection of Attack 

Acknowledgment Transaction The Authentication Token Exchange Protocol is 

If the command is invoked, Logic and Control Unit 60 superior to traditional methods which rely on cryptc- 
141 constructs and sends to Logic and Control Unit 111 graphic checksums, in that it can positively differentiate 
an Acknowledgment Transaction which consists of the between alarms raised by communications failures and 
following elements: those raised by deliberate attempts to compromise secu- 

(1) A distinguished value identifying this as an Ac- rity. This capability is granted by the Authentication 
knowledgment Transaction. 65 Token sequence. If a mismatch in Tokens is detected in 

(2) An enciphered Authentication Token as described Step 5 of the Authentication Token Exchange Protocol, 
in Step 2 of the Authentication Token Exchange Proto- then the Token sequence can be searched backward to 
col. see if the returned Token matches exactly some earlier 
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value. If it does, then Secure Computer 104 is assured, vice 320 is portable, for example, lap-top computer size, 
to the strength of the algorithm that randomizes the Preferably, local Crypto Support Devices 320 are 
Tokens, that the alarm was raised by an attack. In addi- equipped with theft detection circuitry, such as that 
tion, Secure Computer 104 knows that the keystream used to deter shoplifting. Local Crypto Support De- 
used in the Authentication Token Exchange Protocol 5 vices 320 are used in key distribution and are equipped 
has been compromised, and can identify the exact inter- with a Communications Security Device 322 that is 
action where the compromise occurred. compatible with the Communication Device 312 in 

Po^veDctc^onofScc^Boun^ £^ ^^SX^ 

The elements of the invention provide physical and 10 which functions substantially the same as the Key Man- 
verifiable indications of where the security boundaries agement Crypto 70 described with reference to the 
of Secure Computer 104 are located embodiment 20 of the data enclave system, insofar as 

Operational Advantages ^^^ ti ^7 « en ^ on T « ld ^J?™ 

^ ^ are concerned. Crypto Support Devices 320 further 
Independence of Communications Means 15 include a disk drive 326, which may be used to read and 

The protocols in this invention operate at Layer 5, 6, write removable media 302, and a data interface 328, 

and 7 of the ISO standard for communications proto- which may be coupled to a Crypto Media Controller in 

cols. This means that they are independent of the nature a Workstation 340. The interface can either be wired or 

of topology of the network which connects Worksta- wireless (for example, radio infra-red) 
tion 131 to Secure Computer 104. All prior means for 20 Personal Keying Device 

achieving Trusted Path have depended, on a greater or Each user is issued a Personal Keying Device 330 of 
lesser degree, cm the nature or topology of this network. the same design as Personal Keying Device 30 de- 
Minimal Intrusiveness scribed above with reference to embodiment 20 of the 
The elements of the invention are either free-standing Data Enclave System. Personal Keying Device 330 is 
units, parts of an already distinguished secure computer, 25 used for key insertion and individual authentication, 
or devices which attach to existing interfaces to com- Personal Keying Device 330 includes electronic storage 
mercial workstations. Trie only modification required 331, a key pad, a display and a Data Transfer Interface 
to a commercial workstation is a software modification 332, which is compatible with the Data Transfer Inter- 
so that data can pass from Workstation Unit 2 across the face in the local Crypto support device 320. Personal 
network to Secure Computer 104. No security reliance 30 Keying Devices 330 may also be equipped with theft 
is placed on this modification, so that it can be rapidly detection circuitry, 
and economically made to the software of a wide van- Crypto Media Controller 

ety of commercial units. Each work station 340 operating within the enclave 

Low Cost 300 includes a Crypto Media Controller 342 of the same 

The elements of the invention are such that they can 35 design as Crypto Media Controller 26, with the excep- 

be constructed of readily available commercial technol- tion that Crypto Media Controller 342 does not include 

ogy. logic and functions for media initialization and key 

ALTERNATE EMBODIMENT OF DATA f^f^L™ tZ **?*^ ^^SI?* P*!f 2cd 
pvipr A vi= cvctpm mtdiz. Crv P to Mcdia Controller 342 further includes a 
tJNUi^vt, ai&i tj* 40 Data Interface 344 compatible with Data Interface 328 
An alternate embodiment of the Data Enclave Sys* in the Local Crypto Support Device 320. 
tern 20 is shown in FIGS. 35, 36 and 37. Alternate em- ™™ 

bodiment 300 provides for operation of the Data En- OPERATION OF ALTERNATE EMBODIMENT 
clave System in a non-networked environment ^00 

Data Elements 45 ^to^te embodiment 300 is similar in many respects 

to embodiment 20, except that Local Crypto Support 
The data elements of the alternate embodiment 300 Device 320 and Crypto Support Center 310 perform 
correspond to those described with reference to em- certain functions performed by Crypto Media Control- 
hodiment 20. ler 26 and Security Server 24, respectively, embodiment 

Processing Elements 50 * tt^H?f m S *** W3 of 
* the Media Initialization and Key Generation and the 
Crypto Support Center Key Assignment process (for initialized media) Steps 
A Crypto Support Center 310 is provided for each 1-14 of embodiment 20. In addition, the Local Area 
organization or set of organizations. The Crypto Sup- Network 12 link used in embodiment 20 is replaced with 
port Center 310 is used for archival storage and distribu- 55 the secure connection established between Communica- 
tion of cryptographic keys. Crypto Support Center 310 tions Security Devices 312 and 322 in the Local Crypto 
is permanently installed in a secure area, and includes a Support Device 320 and Crypto Support Center 310. 
Secure Computer 311 and a Communications Security Media Initialization and Key Assignment 
Device 312. Secure Computer 311 may be of generally The following description of the media initialization 
the same design as Security Server 24 as described and 60 and key assignment operation refers to FIGS. 36 and 37. 
illustrated with reference to embodiment 20. However, An individual brings together a blank unit of physical 
there is no requirement that the Secure Computer 311 media 302, his or her Personal Keying Device 330, and 
be networked to the work stations 340 within the orga- the appropriate Local Crypto Support Device 320. If 
nidation. the media is fixed, Personal Keying Device 330 and 

Local Crvrv • imnort Device 65 l0Cal Crv P to Wpport device 320 are brought to the 

Local cryp. .upport Device Workstation 340 containing the fixed media 302. As 

There is at least one local Crypto Support Device 320 shown in FIG. 36, data interfaces are then established 
for each organization. Each local Crypto Support De- between Personal Keying Device 330 and Local Crypto 
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Support Device 320 on the one hand and in between 
Local Crypto Support Device 320 and the Crypto 
Media Controller 342 for the fixed media on the other. 
Once these interfaces are established, a secure link is 
made between Local Crypto Support Device 320 and 
Crypto Support Center 310 using the Communication 
Security Devices 312 and 322. The Trusted Path Proto- 
col of the present invention may be used to establish a 
secure link. 
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The present invention is to be limited only in accor- 
dance with the scope of the appended claims, since 
others skilled in the art may devise other embodiments 
still within the limits of the claims. The above-described 
detailed architectures are not meant to be limiting, and 
other equivalent forms may be substituted if desired. 

What is claimed is: 

1. A data enclave for securing data carried on physi- 
cal units of fixed and removable media in a network 
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IL^f ?Hjf ^f^ b i C L^L °J^?? J? 10 deluding a server and one or more workstations, one or 

+~ *u- i -t ^ *~ °* ~* n " J " MA more of the workstations including the physical units of 

fixed media, comprising: 
protected storage in the server and in each of the 
workstations; 

a crypto media controller in each workstation that 
can be used to read the fixed media and the remov- 
able media; 

a personal keying device assigned to each user in the 
enclave; 

an enclave key, a copy of which is held in the pro- 
tected storage in the server and in each of the 
workstations and used to protect other keys stored 
or transmitted on the network; 
a personal identification number (PIN) for user in the 
enclave; 

a media key for each unit of media; and 
an access vector associated with each media key to 
form media key/access vector pairs, the pairs 
stored in the personal keying devices, and used to 
represent the possible conditions of access to the 
data encrypted on the media for the user assigned 
to the personal keying device holding the media 
key/access vector pair or pairs; 
wherein the media key/access vector pairs stored in 
the personal keying devices are enciphered with a 
combined key formed from the user's PIN and the 
enclave key; 

wherein device attributes assigned to each worksta- 
tion are used to represent security attributes of the 
workstations; and 
wherein each crypto media controller includes logic 
for (0 reading a unit of media using the media key 
received from the personal keying device of the 
user seeking access to the data (ii) decrypting a 
media key/access vector pair received from a per- 
sonal keying device using the enclave key stored in 
the controller and the user PIN entered by a user in 
the personal keying device used by the user seeking 
access to the data, (in) decrypting the data on the 
media using the media key, and (iv) restricting 
access to the decrypted data based on the access 
vector and the device attributes for the workstation 
from which access is attempted. 
2. A data enclave method for securing data for an 
enclave of one or more users, wherein the data is car- 
ried on physical units of fixed and removable media in a 
network including a server and one or more worksta- 
tions, one or more of the workstations including the 
physical units of fixed media, the method comprising 
the steps of: 

providing protected storage in the server and in each 

of the workstations; 
providing a crypto media controller in each worksta- 
tion that can be used to read the fixed media and 
the removable media; 
providing a personal keying device assigned to each 
user in the enclave; 



brought to the Local Crypto Support Device 320, 
where it can be read and written using Disk Drive 326. 
This configuration is shown in FIG. 37. 

The individual desiring access to Media 302 then 
enters his or her PIN 58 into Personal Keying Device 
330 which transmits it to Local Crypto Support Device 
320. Local Crypto Support Device 320 extracts the 
encrypted User UID 56 from Personal Keying Device 
330 and decrypts it using the Enclave Key 50. 

Local Crypto Support Device 320 then initiates a 
secure connection to the Crypto Support Center 310 
and transmits the User UID 56 to it. 

Local Crypto Support Device 320 and the Crypto 
Support Center 310, with the optional aid of authorized 
individuals, generate a Media UID 54, Media Key 52, 25 
and Access Vector 60 for use of the media 302. At the 
end of this process, the Media UID 54, Media Key 52, 
User UID 56, and Access Vector 60 are archived to- 
gether at the Crypto Support Center 310 and stored 
temporarily in Local Crypto Support Device 320. 

Local Crypto Support Device 320 then writes the 
Media UID M to an appropriate location on Media 302 
(eg., Volume Label). It combines the User UID 56, 
Enclave Key 50, and PIN 58 to form a key with which 
it enciphers the Media Key/Access Vector pair 62. It 
uses the Media UID 54 to index storage 332 of Personal 
Keying Device 330 and stores the enciphered pair 62 in 
the appropriate location. 

At this point, the initialization is complete. Media 302 
can be identified and the individual's Personal Keying 40 
Device 330 contains a Media Key 52 which can only be 
used by an individual who has physical possession of 
that Personal Keying Device 330, knows that individu- 
al's PIN 50, and has Media 302 controlled by a Crypto 
Media Controller 342, containing the Enclave Key. 45 

Keying of Devices 

An individual establishes a data transfer interface 
between his or her Personal Keying Device 330 and any 
Crypto Media Controller 342 containing the Enclave 50 
Key, and between that Crypto Media Controller 342 
and the Media 302 the individual desires to access. If the 
media 302 is removable, this will involve placing the 
unit of media 302 into the appropriate device (eg. dis- 
kette drive) or the Workstation 340. From this point on, 55 
the alternate embodiment 300 operates in the same man- 
ner as the first described Data Enclave embodiment 20, 
as set forth in Steps 1-10 under the heading "Keying of 
Devices." 

Assignment for Already Initialized Media . 60 
Key assignment is performed in substantially the 
same fashion as Media Initialization and Key Genera- 
tion, insofar as the configuration and interaction of the 
Personal Keying Device 330, Workstation 340, Local 
Crypto Support Device 330 and Support Center 310 65 
interact to generate a Media Key/Access Vector pair 
91 for the already initialized media 302 by reference to 
the archived Media Key 42 for the media. 



06/05/2003, EAST Version: 1.03.0002 



39 



5,276,735 



providing an enclave key and storing a copy of the 
enclave key in the protected storage in the server 
and in each of the workstations and using it to 
protect other keys stored or transmitted on the 
network; 5 

providing each user in the enclave a personal identifi- 
cation number (PIN); 

associating a media key with each unit of media; 

providing an access vector associated with each 
media key to form media key/access vector pairs, 10 
storing the pairs in the personal keying devices, and 
using the pairs to represent possible conditions of 
access, by the user assigned to the personal keying 
device holding the media key/access vector pair or 
pairs, to data encrypted on the media associated 15 
with the media key; 

enciphering the media key/access vector pairs with a 
combined key formed from the user's PIN and the 
enclave key; 

storing the enciphered media key/access vector pairs 20 
in the personal keying device; assigning device 
attributes for each workstation to represent the 
security attributes of the workstations; and 
using the crypto media controller for (i) reading a 
unit of media using the media key received from 25 
the personal keying device of the user seeking ac- 
cess to the data, (ii) decrypting a media key/access 
vector pair received from a personal keying device 
using the enclave key stored in the controller and 
the user PIN entered by a user in the personal 30 
keying device used by the user seeking access to 
the data, (iii) decrypting the data on the media 
using the media key, and (iv) restricting access to 
the decrypted data based on the access vector and 
the device attributes for the workstation from 35 
which access is attempted. 
3. A data enclave for securing data carried on physi- 
cal units of fixed and removable media in a network 
including a server and one or more workstations, one or 
more of the workstations including the physical units of 40 
fixed media, comprising: 
protected storage in the server and in each of the 
workstations; 

a crypto media controller in each workstation that 
can be used to read the fixed media and the remov- 45 
able media; 

a personal keying device assigned to each user in the 
enclave; 

an enclave key, a copy of which is held in the pro- 
tected storage in the server and in each of the 50 
workstations and used to protect other keys stored 
or transmitted on the network; 

a personal identification number (PIN) for each user 
in the enclave; 

a user unique identifier (user UID) assigned to each 55 
user in the enclave and stored in the user's personal 
keying device encrypted with the enclave key; 

user attributes associated with each user to which a 
user UID has been assigned, and used to represent 
the privileges and other security related informa- 60 
tion that pertains to that user; 

a media key for each unit of media, and used to en- 
crypt and protect data carried on the media, the 
media keys stored in the personal keying devices; 

a media unique identifier (media UID) for each unit 65 
of media, stored on the media, and used to identify 
the media key for a particular unit of media stored 
in a particular personal keying device, and to iden- 
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tify media attributes assigned to the particular unit 
of media, wherein the media attributes associated 
with each unit of media to which a media UID has 
been assigned are used to represent the sensitivity 
or other security related information that may per- 
tain to the data carried on that unit of media; and 
an access vector associated with each media key to 
form media key/access vector pairs, stored in the 
personal keying devices, and used to represent the 
possible conditions of access to the data encrypted 
on the media for the user assigned to the personal 
keying device holding the media key/access vector 
pair or pairs, each access vector formed using the 
corresponding media attributes and user attributes, 
and a set of access rules; 
wherein the media key/access vector pairs stored in 
the personal keying devices are enciphered with a 
combined key formed from the user's UID, the 
user's PIN and the enclave key; 
wherein device attributes assigned to each worksta- 
tion are used to represent security attributes of the 
workstations; and 
wherein each crypto media controller includes m r ^tn 
control logic for restricting access to the data on 
the media based on the user's PIN, the access vec- 
tor and the device attributes for the workstation 
from which access is attempted. 
4. A system according to claim 3 further comprising: 
key management crypto logic in each crypto media 
controller for (i) receiving a requesting user's PIN 
from a personal keying device, (u) receiving an 
encrypted user UID from the personal keying de- 
vice and decrypting the user UID using the en- 
clave key, and (iii) forming a first packet including 
the requesting user's PIN, the user UID and a re- 
quest for initialization of a new unit of media, the 
request including the media attributes for the new 
unit of media; 
key management crypto logic in the server for de- 
crypting the first packet using the enclave key 
stored in the server; 
storage search logic in the server for (i) reading a user 
attribute data base stored in the server using the 
user UID as an index, (ii) returning a pass value if 
the requesting user's PIN received in the first 
packet matches a valid PIN stored in the user attri- 
bute data base, (iii) aborting the request for initial- 
ization if the requesting user's PIN in not valid, (iv) 
extracting the media attributes from the request 
and commanding a media attribute data base stored 
in the server to make an entry for the new unit of 
media, and to create a new media UID for the new 
unit of media, and (v) indexing the user attribute 
data base with the user UID to extract the set of 
security attributes pertaining to the requesting user 
and passing the security attributes to security pol- 
icy logic in the server; 
the security policy logic for accepting the media 
attributes and the requesting user's security attri- 
butes and, using a set of rules and/or under the 
direction of a system administrator, computing a 
new access vector which defines limits on the ac- 
cess the requesting user will have to the new unit of 
media; 

the key management crypto in the server also for (i) 
generating a new media key for the new unit of 
media, and (ii) and enciphering the new media 
key/access vector pair formed with the new media 
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key and new access vector with a combined key 
including the user UID, the user PIN and the en- 
clave key, to form a second packet; 

the itorage search logic also for storing the enci- 
phered second packet in a crypto key data base 5 
stored in the server, the second packet indexed 
according to the requesting user's user UID and 
the new media UID; 

the server further including logic for sending the new 
media UID and the second packet to. the worksta- 10 
tion from which the first packet was received; and 

the crypto media controller including storage search 
lope for 0) receiving the new media UID and 
writing it to an appropriate location on the new 
unit of media and (ii) storing the second packet 13 
containing the new media key/access vector pair in 
the personal keying device attached to the work- 
station using the new media UID as an index. 

5. A system according to claim 3 further comprising: 

key management crypto logic in each crypto media 20 
controller for (i) receiving a requesting user's PIN 
from a personal keying device, (ii) receiving an 
encrypted user UID from the personal keying de- 
vice and decrypting the user UID using the en- 
clave key, and (Hi) reading the media UID off an 25 
initialized unit of media and searching the personal 
keying device for a media key/access vector pair 
for the initialized unit of media for the requesting 
user using the user's PIN as an index, and (iv) if no 
pair is found generating a request for a key assign- 
ment; 

the crypto media controller key management crypto 
logic further for (0 forming a first packet including 
the requesting user's PIN and user UID, the media 
UID for the initialized unit of media, and the re- 
quest for key assignment, (ii) encrypting the first 
packet with the enclave key, and (hi) sending the 
packet to the security server over the network; 

key management crypto logic in the server for de- 
crypting the first packet using the enclave key 40 
stored in the server to obtain the requesting user's 
PIN and user UID, and the media UID and the 
request; 

storing search logic in the security server for (i) read- 
ing a user attribute data base stored in the server 45 
using the user UID as an index, (ii) returning a pass 
value if the requesting user's PIN received in the 
first packet matches a valid PIN stored in the user 
attribute data base, (iii) aborting the request for 
initialization set forth in the first packet if the re- 50 
questing user's PIN in not valid, (iv) reading the 
user attribute data base using the user's PIN as an 
index and extracting the security attributes of the 
requesting user, and (v) passing the security attri- 
butes to security policy logic in the server; 55 

the security policy logic receiving the security attri- 
butes and computing a new access vector which 
defines limits on the access the user may have to 
the initialized unit of media, the new access vector 
computed using a set of rules and/or with the inter- 60 
vention of a system administrator, 

the storage search logic also for CO finding an enci- 
phered key packet in a crypto key data base held in 
the security server which has been previously 
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tracted media key and the new access vector, and a 
new key packet including the new media key/ac- 
cess vector pair, the user UID, and the media UID, 
and placing the new key packet in the crypto key 
data base for archival purposes; 
the crypto key logic also for enciphering the new 
media key/access vector pair with a combined key 
including the user UID, the user's PIN, and the 
enclave key, and transmitting the enciphered 
packet along the network to the crypto media con- 
troller, and 

the crypto media controller using the media UID as 
an index to store the new media key/access vector 
pair in the personal keying device from which the 
user's PIN was entered whereby the personal key- 
ing device contains a media key which can only be 
used by someone who has physical possession of 
that personal keying device, knows the user PIN 
associated with the media key, and has physical 
possession of the unit of media controlled by a 
crypto media controller containing the enclave 
key, the access of the user further being restricted 
by the access vector paired with the media key. 

& A system according to claim 3 further comprising: 

the crypto media controller also for ® receiving a 
user PIN from a personal keying device from a user 
seeking access to an initialized unit of media under 
control of the crypto media controller, 

storage search logic in the crypto media controller 
for (i) reaching the initialized unit of media and 
extracting the media UID, (u) searching the stor- 
age in the personal keying device and extracting 
the enciphered media key/access vector pair for 
the media UID and passing it to a key management 
crypto in the crypto media controller; 

the key management crypto for 0) fetching the user 
UID from the personal keying device and deci- 
phering it using the enclave key, (b) combining the 
user UID, the user PIN, and the enclave key to 
form a combined key to decrypt the media key/ac- 
cess vector pair, and passing the extracted media 
key to a data crypto and the access vector to the 
access control logic; 

the data crypto for deciphering data on a unit of 
media using the media key and passing it to the 
access control logic, the data deciphered in re- 
sponse to a read or write request for the data by the 
workstation; 

the access control logic for controlling whether the 
desired mode of access is permitted based on the 
access vector and the device attributes contained 
within the crypto media controller, and aborting 
the attempted access to the data if the access is not 
permitted and otherwise permitting the access 
whereby data is transferred to a workstation for 
processing; and 
the crypto media controller including logic for caus- 
ing a complete reset of the crypto media controller 
and requiring the keying process to be started from 
the beginning in the event that the personal keying 
device is uncoupled or the unit of media is removed 
from the workstation. 
7. A data enclave method for securing data carried on 



stored and which contains the media key for the 65 physical units of fixed and removable media in a net- 
initialized unit of media, (ii) when a packet is found work including a server and one or more workstations, 
extracting the media key from it, and (iii) forming a one or more of the workstations including the physical 
new media key/access vector pair with the ex- units of fixed media, comprising the steps of: 



06/05/2003, EAST Version: 1.03.0002 



43 



5,276,735 



44 



to 



IS 



20 



(a) providing protected storage in the server and in 
each of the workstations; 

(b) providing a crypto media controller in each work- 
station and using it to read the fixed media and the 
removable media; 

(c) providing a personal keying device for each user 
in the enclave; 

(d) providing an enclave key, a copy held in the pro- 
tected storage in the server and in each of the 
workstations, and using it to protect other keys 
stored or transmitted on the network; 

(e) providing a personal identification number (PIN) 
for each user in the enclave; 

(I) providing a user unique identifier (user UID) for 
each user in the enclave and storing it in the user's 
personal keying device encrypted with the enclave 
key; 

(g) providing user attributes for each user to which a 
user UID has been assigned, and using them repre- 
sent the privileges and other security related infor- 
mation that pertains to each user; 

(h) providing a media key for each unit of media, 
wherein the media key is used to encrypt and pro- 
tect data carried on the media and wherein the 
media keys are stored in the personal keying de- 25 
vices; 

0) providing a media unique identifier (media UID) 
for each unit of media, and storing it on the associ- 
ated media, and using them to identify the corre- 
sponding media key for the unit of media stored in 30 
a persona] keying device, and to identify media 
attributes assigned to the unit of media; 

(j) providing media attributes associated with each 
unit of media to which a media UID has been as- 
signed, and using them to represent the sensitivity 35 
or other security related information that may per- 
tain to the data carried on the units of media; 

(k) providing an access vector associated with each 
media key to form media key/access vector pairs, 
storing them in the persona] keying devices, and 40 
using them to represent the possible conditions of 
access to the data encrypted on the media for the 
user assigned to the persona] keying device holding 
the media key/access vector pair or pain, and 
forming the access vector using the corresponding 45 
media attributes and user attributes, and a set of 
access rules; 

(1) enciphering the media key/access vector pairs 
with a combined key, wherein the combined key 
includes the user's UID, the user's PIN and the 50 
enclave key; 

(m) storing the enciphered media key /access vector 

pairs in the personal keying devices; 
(n) providing device attributes for each workstation, 

and using them to represent the security attributes 55 

of the workstations; and 
(o) providing access control logic in each crypto 

media controller for restricting access to the data 

on the media based on the user's PIN, the access 

vector and the device attributes for the workstation 60 

from which access is attempted, 
ft. A method according to claim 7 further comprising 
the steps of 

(a) providing key management crypto logic in each 
crypto media controller for (i) receiving a request- 
ing user's PIN from a personal keying devices, (ii) 
receiving an encrypted user UID from the personal 
keying device and decrypting the user UID using 
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the enclave key, and (iii) forming a first packet 
including the requesting user's PIN, the user UID 
and a request for initialization of a new unit of 
media, the request including the media attributes 
for the new unit of media; 

(b) providing key management crypto logic in the 
server for decrypting the first packet using the 
enclave key stored in the server; 

(c) providing storage search logic in the server for fi) 
reading a user attribute data base stored in the 
server using the user UID as an index, (ii) returning 
a pass value if the requesting user's PIN received in 
the first packet matches a valid PIN stored in the 
user attribute data base, (iii) aborting the request 
for initialization if the requesting user's PIN in not 
valid, (iv) extracting the media attributes from the 
request and commanding a media attribute data 
base stored in the server to make an entry for the 
new unit of media, and to create a new media UID 
for the new unit of media, and (v) indexing the user 
attribute data base with the user UID to extract the 
set of security attributes pertaining to the request- 
ing user and passing the security attributes to secu- 
rity policy logic in the server; 

(d) the security policy logic accepting the media 
attributes and the requesting user's security attri- 
butes and, using a set of rules and/or under the 
direction of a system administrator, computing a 
new access vector which defines limits on the ac- 
cess the requesting user will have to the new unit of 
media; 

(e) the key management crypto in the server also (i) 
generating, with the optional aid of a system ad- 
ministrator, a new media key for the new unit of 
media, and (ii) and enciphering the new media 
key/access vector pair formed with the new media 
key and new access vector with a combined key 
including the user UID, the user PIN and the en- 
clave key, to form a second packet; 

(f) the storage search logic also storing the enci- 
phered second packet in a crypto key data base 
stored in the server, the second packet indexed 
according to the requesting user*user UID and the 
new media UID; 

(g) providing further logic for sending the new media 
UID and the second packet to the workstation 
from which the first packet was received; and 

(h) providing storage search logic in the crypto media 
controller for (i) receiving the new media UID and 
writing it to an appropriate location on the new 
unit of media and (ii) storing the second packet 
containing the new media key/access vector pair in 
the personal keying device attached to the work- 
station using the new media UID as an index. 

9. A method according to claim 7 further comprising 
the steps of: 

(a) providing key management crypto logic in each 
crypto media controller for (i) receiving a request- 
ing user's PIN from a personal keying device, (u) 
receiving an encrypted user UID from the personal 
keying device and decrypting the user UID using 
the enclave key, and (iii) reading the media UID off 
an initialized unit of media and searching the per- 
sonal keying device for a media key/access vector 
pair for the initialized unit of media for the request- 
ing user using the user's PIN as an index, and (iv) if 
no pair is found generating a request for a key 
assignment; 
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(b) the key management crypto logic in the worksta- 
tions further (i) forming a first packet including the 
requesting user the initialized unit of media, and the 
request for key assignment, (ii) encrypting the first 
packet with the enclave key, and (iii) sending the 
packet to the security server over, the network; 

(c) providing key management crypto logic in the 
server for decrypting the first packet using the 
enclave key stored in the server to obtain the re- 
questing user's PIN and user UID, and the media 
UID and the request; 

(d) providing storage search logic in the security 
server for (i) reading a user attribute data base 
stored in the server using the user UID as an index, 
(ii) returning a pass value if the requesting user's 
FIN received in the first packet matches a valid 
PIN stored in the user attribute data base, (iii) 
aborting the request for initialization set forth in 
the first packet if the requesting user's PIN in not 
valid, Civ) reading the user attribute data base using 
the user's PIN as an index and extracting the secu- 
rity attributes of the requesting user, and (v) pass- 
ing the security attributes to security policy logic in 
the server; 

(f) the security policy logic receiving the security 
attributes and computing a new access vector 
which defines limits on the access the user may 
have to the initialized unit of media, the new access 
vector computed using a set of rules and/or with - 
the intervention of a system administrator; 

(g) the storage search logic also (0 rinding an enci- 
phered key packet in a crypto key data base held in 
the security server which has been previously 
stored and which contains the media key for the 35 
initialized unit of media, (n) when a packet is found 
extracting the media key from it, and (iii) forming a 
new media key/access vector pair with the ex- 
tracted media key and the new access vector, and a 
new key packet including the new media key/ac- 40 
cess vector pair, the user UID, and the media UID, 
and placing the new key packet in the crypto key 
data base for archival purposes; 

(h) the crypto key logic also enciphering the new 
media key/access vector pair with a combined key 43 
including the user UID, the user's PIN, and the 
enclave key, and transmitting the enciphered 
packet along the network to the crypto media con- 
troller, and 

0) the crypto media controller using the media UID 50 
as an index to store the new media key./access 
vector pair in the personal keying device from 
which the user's PIN was entered whereby the 
personal keying device contains a media key which 
can only be used by someone who has physical 55 
p os s es s io n of that personal keying device, knows 
the user PIN associated with the media key, and 
has physical possession of the unit of media con- 
trolled by a crypto media controller containing the 
enclave key, the access of the user further being 60 
restricted by the access vector paired with the 
media key. 

10. A method according to claim 7 further compris- 
ing the steps of: 

(a) the crypto media controller also CO receiving a 65 
user PIN from a personal keying device from a user 
seeking access to an initialized unit of media under 
control of the crypto media controller; 
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(b) providing storage search logic in the crypto media 
controller for (0 reading the initialized unit of 
media and extracting the media UID, 00 searching 
the storage in the personal keying device and ex- 
tracting the enciphered media key/access vector 
pair for the media UID and passing it to a key 
management crypto in the crypto media controller; 

(c) the key management crypto (i) fetching the user 
UID from the personal keying device and deci- 
phering it using the enclave key, 00 combining the 
user UID, the user PIN, and the enclave key to 
form a combined key to decrypt the media key/ac- 
cess vector pair, and passing the extracted media 
key to a data crypto and the access vector to the 
access control logic; 

(d) the data crypto deciphering data on a unit of 
media using the media key and passing it to the 
access control logic, the data deciphered in re- 
sponse to a read or write request for the data by the 
workstation; 

(e) the access control logic controlling whether the 
desired mode of access is permitted based on the 
access vector and the device attributes contained 
within the crypto media controller, and aborting 
the attempted access to the data if the access is not 
permitted and otherwise permitting the access 
whereby data is transferred to a workstation for 
processing; and 

(I) providing logic in the crypto media controller for 
causing a complete reset of the crypto media con- 
troller and requiring the keying process to be 
started from the beginning in the event that the 
persona] keying device is uncoupled or the unit of 
media is removed from the workstation. 

11. A trusted path system for communication be- 
tween a workstation and a secure computer over an 
untrusted c om mu n ication medium, comprising; 

a logic and control unit in the workstation and in the 
secure computer; 

an end-to-end authentication token exchange proto- 
col used to assure the logic and control unit in the 
workstation is communicating with an authentic 
logic and control unit in the secure computer, and 
vice versa; 

the token exchange protocol operating by inserting a 
token encrypted with a first keystream in messages 
from the workstation to the secure computer, 
wherein the token is developed from an encrypted 
token received from the secure computer in a pre- 
vious transaction, wherein the received encrypted 
token is encrypted with a second keystream and 
wherein the step of inserting the token comprises 
decrypting the token with the second keystream 
before encrypting the token with the first keys- 
tream, the step of inserting the token serving to 
chain transactions together so that a forged trans- 
action entered into the interaction between the 
workstation and the secure computer is detected 
the next time a legitimate transaction is received by 
a logic and control unit; 

a cryptographic checksum protocol used to assure 
transactions between the logic and control units 
have not been tampered with, the checksum proto- 
col authenticating single transactions between the 
workstation and the secure computer rather than 
sequences of transactions; and 

an identification and authentication protocol invoked 
when a user wishes to interact with the secure 
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computer for some period of time, using the key- 
board and display of the workstation and the (in- 
trusted communications medium, the period of 

interaction being a session, and the act of initiating 

a session called logon, and that of terminating a 

session is called logout. 
. 12. A method of chaining transactions between a 
workstation and a secure computer over an untrusted 
communication medium to ensure an authenticated 
interchange, the method comprising the steps of: 
providing a keystream stored in the workstation and 

the secure computer; 
providing first, second and third tokens stored in the 

secure computer; 
providing an encrypted first token stored in the 

workstation, wherein the encrypted first token is 

formed by encrypting the first token with a first 

portion of the keystream; 
performing a first transaction, wherein the step of ^ 

performing the first transaction comprises the steps 

of: 

sending a first message from the secure computer 
to the workstation, wherein the first message 
includes an encrypted second token formed by 25 
encrypting the second token with a second por- 
tion of the keystream; 

storing the encrypted second token in the worksta- 
tion; 

sending a section message from the workstation to 30 
the secure computer, wherein the second mes- 
sage includes a re-encrypted first token formed 
by decrypting the encrypted first token with the 
first portion of the keystream and re-encrypting 
the decrypted first token with a third portion of 35 are not the same 
the keystream; 
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decrypting, at the secure computer, the re- 
encrypted token with the third portion of the 
keystream; and 
comparing the first token to the decrypted re- 
encrypted first token to determine if they match; 
and 

performing a second transaction, wherein the step of 
performing the second transaction comprises the 
steps of: 

sending a third message from the secure computer 
to the workstation, wherein the third message 
includes an encrypted third token formed by 
encrypting the third token with a forth portion 
of the keystream; 
storing the encrypted third token in the worksta- 
tion; 

sending a fourth message from the workstation 
to the secure computer, wherein the fourth 
message includes a re-encrypted second token 
formed by decrypting the encrypted second 
token with the second portion of the keys- 
tream and re-encrypting the decrypted second 
token with a fifth portion of the keystream; 
decrypting, at the secure computer, the re- 
encrypted token with the fifth portion of the 
keystream; and 
comparing the second token to the decrypted re- 
encrypted second token to determine if they 
match. 

13. The method of chaining transactions according to 
claim 12 wherein the step of comparing the first token 
to. the decrypted re-encrypted first token includes the 
step of synchronizing transfers between the secure com- 
puter and the workstation when the compared tokens 
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